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S (57) Abstract: Hardware, systems, devices, architecture and methods for a wagering game-specific platform features secure stor- 
age and verification of game code and/or other data. An external connection (208) securely communicates with a computerized 

^ wagering gaming system (207). Some embodiments of the invention provide the ability to identify game program code as certified 
or approved. This is provided by use of various electronic devices and elements for encryption, including at least a device that is 

Q internally embedded in the gaming device that access digital signatures, encrypted files, encrypted compiled files and hash functions 
as well as other encryption methods. Such functions are able to be effected, and security and validation is advantageously applied to 

^ data loaded into storage media even while the gaming machine is in operation. 
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PASS-THROUGH LIVE VALIDATION DEVICE AND METHOD 

5 BACKGROUND OF THE INVENTION 

The present invention relates generally to computerized wagering game 
systems, and more specifically to use of a physical system for embedding a data 
verification device, component or a verification subcomponent in a gaming apparatus. 
The verification device effects required validation and security functions through 

10 encryption, code analysis, data analysis and/or hash functions in a computerized 
wagering game system. 

Games of chance have been enjoyed by people for thousands of years and 
have enjoyed increased and widespread popularity in recent times. As with most 
forms of entertainment, players enjoy playing a wide variety of games and new 

15 games. Playing new games adds to the excitement of "gaming." As is well known in 
the art and as used herein, the term "gaming" and "gaming devices" are used to 
indicate that some form of wagering is involved, and that players must make wagers 
of value, whether actual currency or some equivalent of value, e.g., token or credit. 
One popular gaming device is the slot machine. Conventionally, a slot machine is 

20 -configured for a player to wager something of value, e.g., currency, house token, 
established credit, debit on existing credit or other representation of currency or 
credit. After the wager has been made, the player activates the slot machine to cause 
a random event to occur. The player wagers that particular random events will occur 
that will return value to the player. A standard gaming device causes a plurality of 

25 reels to spin and ultimately stop, displaying a randomly selected combination of some 
form of indicia, for example, numbers or symbols. If this display contains one of a 
preselected plurality of winning combinations, the machine releases money into a 
payout chute or increments a credit meter or stored credit record by the amount won 
by the player. For example, if a player initially wagers two coins of a specific 

30 denomination and that player achieved a payout, that player may receive the same 
number or multiples of the wagered amount in coins or credit of the same 
denomination as wagered. 
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There are many different formats for generating the random display of events 
that can occur to determine payouts in wagering devices. The standard or original 
format was the use of three reels with symbols distributed over the face of the reel. 
When the three reels were spun, they would eventually each stop in turn, displaying a 
5 combination of three symbols (e.g., with three reels and the use of a single payout line 
as a row in the middle of the area where the symbols are displayed.) By appropriately 
distributing and varying the symbols on each of the reels, the random occurrence of 
predetermined winning combinations can be provided in mathematically 
predetermined probabilities. By clearly providing for specific probabilities for each 

1 0 of the preselected winning outcomes, precise odds that control the amount of the 
payout for any particular combination and the percentage return on wagers for the 
house can be readily controlled. 

Other formats of gaming apparatus that have developed in a progression from 
the standard slot machine with three reels have dramatically increased with the 

15 development of video gaming apparatus. Rather than have only mechanical elements 
such as wheels or reels that turn and stop to randomly display symbols, video gaming 
apparatus and the rapidly increasing sophistication in hardware and software have 
enabled an explosion of new and exciting gaming apparatus. The earlier video 
apparatus merely imitated or simulated the mechanical slot games in the belief that 

20 players would want to play only the same games. Early video games therefore were 
simulated slot machines. The use of video gaming apparatus to play new games such 
as draw poker and Keno broke the ground for the realization that there were many 
untapped formats for gaming apparatus. Now casinos may have hundreds of different 
types of gaming apparatus with an equal number of significant differences in play. 

25 The apparatus may vary from traditional three reel slot machines with a single payout 
line, video simulations of three reel video slot machines, to five reel, five column 
simulated slot machines with a choice of twenty or more distinct pay lines, including 
randomly placed lines, scatter pays, or single image payouts. Video gaming systems 
may also enable the play of multiple games at separate times or at the same time (e.g., 

30 1 00 video poker games) on the same gaming device. 

In addition to the variation in formats for the play of games, bonus plays, 
bonus awards, and progressive jackpots have been introduced with great success. The 
bonuses may be associated with the play of games that are quite distinct from the play 
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of the original game. Examples include a video display of a horse race with bets on 
the individual horses randomly assigned to players that qualify for a bonus, the 
spinning of a random wheel with fixed amounts of a bonus payout on the wheel (or 
simulation thereof), and the selection of symbols or objects having random multipliers 
5 or values assigned to them that are displayed only after selection of the symbols or 
objects or attempting to select a random card that is of higher value than a card 
exposed on behalf of a virtual dealer. 

Examples of such gaming apparatus with a distinct bonus feature includes 
U.S. Patent Nos. 5,823,874; 5,848,932; 5,836,041; U.K. Patent Nos. 2 201 821 A; 2 

10 202 984 A; and 2 072 395A; and German Patent DE 40 14 477 Al. Each of these 
patents differs in fairly subtle ways as to the manner in which the bonus round is 
played. British Patent 2 201 821 A and German Patent DE 37 00 861 Al describe a 
gaming apparatus in which after a winning outcome is first achieved in a reel-type 
gaming segment, a second segment is engaged to determine the amount of money or 

15 extra games awarded. The second segment gaming play involves a spinning wheel 
with awards listed thereon (e.g., the number of coins or number of extra plays) and a 
spinning arrow that will point to segments of the wheel with the values of the awards 
thereon. A player will press a stop button and the arrow will point to one of the 
values. The specification indicates both that there is a level of skill possibly involved 

20 in the stopping of the wheel and the arrow(s), and also that an associated computer 
operates the random selection of the rotatable numbers and determines the results in 
the additional winning game, which indicates some level of random selection in the 
second gaming segment. 

U.S. Patent No. 6,264,557 describes a system for playing electronic games that 

25 includes a game server and one or more player terminals. Game results are based on a 
random number generated in each of the game server and the player terminals. The 
game server and the player terminals cooperate to ensure that the random numbers are 
generated independently. As a result, game players and the game host, such as a 
casino, can be confident that play results are not fraudulent. In one embodiment, the 

30 random numbers are transmitted between the game server and the player terminals at 
substantially the same time. In other embodiments, the random numbers are encoded 
and exchanged between the game server and the player terminals. Then, keys to 
decode the random numbers are exchanged. 
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U.S. Patent No. 6,203,427 describes a system for facilitating an Internet-based 
game of chance, particularly a computer-based version of a punchboard game having 
a grid with prizes associated with the various grid locations. The user can pay a 
central controller for each selection by providing a credit card number, or through 
5 other Internet transaction means. The central controller sends the user a fresh virtual 
punchboard (i.e. a game in which no selections have yet been made). The user selects 
a grid location, encrypts it, and then transmits it to the central controller. The central 
controller then generates prize values for the grid that it sent to the player. The user's 
computer stores the locations of each prize and determines whether the player's 

10 selection was a winner. If he has won, the player sends the decryption key to the 
central controller to decrypt his grid selection and authenticate his selection. The 
central controller then initiates a payment to the user. 

U.S. Patent No. 6,149,522 describes authentication of a casino game data set 
that is carried out within the casino game console using an authentication program 

1 5 stored in an unalterable ROM physically located within the casino game console. The 
casino game data set and a unique signature are stored in a mass storage device, which 
may comprise a read only unit or a read/write unit and which may be physically 
located either within the casino game console or remotely located and linked to the 
casino game console over a suitable network. The authentication program stored in 

20 the unalterable ROM performs an authentication check on the casino game data set at 
appropriate times, such as prior to commencement of game play, at periodic intervals 
or upon demand. At appropriate occasions, the contents of the unalterable ROM can 
be verified by computing the message digest of the unalterable ROM contents and 
comparing this computed message digest with a securely stored copy of the message 

25 digest computed from the ROM contents prior to installation in the casino game 
console. 

The invention described in U.S. Patent No. 6,106,396 is an electronic casino 
gaming system which greatly expands casino game play capability and enhances 
security and authentication capabilities. More particularly, the invention comprises an 
30 electronic casino gaming system and method having greatly expanded mass storage 
capability for storing a multiplicity of high resolution, high sound quality casino type 
games, and provides enhanced authentication of the stored game program information 
with a high security factor. According to a first aspect of the invention, authentication 



4 



WO 03/04551 9 PCT/US02/38054 

of a casino game data set is carried out within the casino game console using an 
authentication program stored in an unalterable ROM physically located within the 
casino game console. The casino game data set and a unique signature are stored in a 
mass storage device, which may comprise a read only unit or a read/write unit and 
5 which may be physically located either within the casino game console or remotely 
located and linked to the casino game console over a suitable network. The 
authentication program stored in the unalterable ROM performs an authentication 
check on the casino game data set at appropriate times, such as prior to 
commencement of game play, at periodic intervals or upon demand. At appropriate 

10 occasions, the contents of the unalterable ROM can be verified by computing the 
message digest of the unalterable ROM contents and comparing this computed 
message digest with a securely stored copy of the message digest computed from the 
ROM contents prior to installation in the casino game console. 

U.S. Patent No. 6,099,408 describes an electronic game system comprising a 

1 5 game server and one or more player terminals, wherein said one or more player 

terminals include: a first random number generator, and first transmitting means for 
transmitting said first random number to said game server at substantially the same 
time as a second random number is received; and wherein said game server includes: 
a second random number generator; and second transmitting means for transmitting 

20 said second random number to said one or more player terminals at substantially the 
same time as said first random number is received,.said system including means for 
generating a game result based on said first random number and said second random 
number. 

U.S. Patent No. 5,643,086 describes an electronic casino gaming system 
25 including an unalterable ROM for storing a casino game authentication program, 

including a message digest algorithm program, a decryption program and a decryption 
key. A casino game data set containing casino game rules and image data is stored in 
a mass storage device, such as a local disk memory or a remote network file server, 
along with the signature of the casino game data set. The signature is an encrypted 
30 version of the message digest of the casino game data set, prepared using a hash 
function. Prior to permitting game play by a player, the casino game data set is 
transferred from the mass storage device to main memory and during this process the 
message digest is computed from the image data using a hash function stored in the 
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ROM. The encrypted version of the message digest transferred from the mass storage 
device is decrypted using the decryption program and decryption key stored in the 
unalterable ROM. The two message digests are then compared for a match: if a match 
exists, game play is permitted; if a match does not exist, game play is prohibited. The 
5 authentication procedure is also used to check all casino game software, both 

programs and fixed data sets, stored in any memory devices distributed throughout the 
system, such as the system boot ROM, NVRAM and all sub-system memory devices. 
The authentication procedure is run whenever a particular program or fixed data set is 
scheduled for use by the system, and also at periodic intervals and on demand. 
10 U.S. Patents Nos. 5,823,874 and 5,848,932 describe a gaming device 

comprising: 

a first, standard gaming unit for displaying a randomly selected combination of 
indicia, said displayed indicia selected from the group consisting of reels, indicia of 
reels, indicia of playing cards, and combinations thereof; means for generating at least 

15 one signal corresponding to at least one select display of indicia by said first, standard 
gaming unit; means for providing at least one discernible indicia of a mechanical 
bonus indicator, said discernible indicia indicating at least one of a plurality of 
possible bonuses, wherein said providing means is operatively connected to said first, 
standard gaming unit and becomes actuatable in response to said signal. In effect, the 

20 second gaming event simulates a mechanical bonus indicator such as a roulette wheel 
or wheel with a pointing element. 

A video terminal is another form of gaming device. Video terminals operate 
in the same manner as conventional slot or video machines except that an electronic 
credit or a redemption ticket is issued rather than an immediate payout being 

25 dispensed. 

The vast array of electronic video gaming apparatus that is commercially 
available is not standardized within the industry or necessarily even within the 
commercial line of apparatus available from a single manufacturer. One of the reasons 
for this lack of uniformity or standardization is the fact that many of the operating 
30 systems that have been used to date in the industry are primitive. As a result, the 
programmer must often create code for each and every function performed by each 
individual apparatus. To date, no manufacturer is known to have been successful in 
creating a universal operating system for converting existing equipment (that includes 
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features such as reusable modules of code) at least in part because of the limitations in 
utility and compatibility of the operating systems in use. When new games are 
created, new hardware and software is typically created from the ground up. 

At least one attempt has been made to create a universal gaming engine that 
5 segregates the code associated with random number generation and algorithms 
applied to the random number string from the balance of the code. Carlson U.S. 
Patent 5,707,286 describes such a device. This patentee recognized that modular code 
would be beneficial, but only contemplated making random number generation and 
transfer algorithms modular. 

10 Devices for authentication of data are used in gaming machines at the present 

time. For example, Aurora Casino Equipment uses a bridge that is inserted between a 
single EPROM chip and the gaming machine. This bridge has a communication 
function that apparently broadcasts a signature to an RF receiver to verify hard 
memory on the EPROM chip. Each EPROM would require a separate broadcasting 

15 bridge to authenticate each EPROM. The published system also appears to 
authenticate data on an EPROM upon boot up. 

The lack of a standard operating system has contributed to maintaining an 
artificially high price for the systems in the market. The use of unique hardware 
interfaces in the various manufactured video gaming systems is a contributing factor. 

20 The different hardware, the different access codes, the different pin couplings, the 
different harnesses for coupling of pins, the different functions provided from the 
various pins, and the other various and different configurations within the systems has 
prevented any standard from developing within the technical field. This is 
advantageous to the apparatus manufacturer, because the games for each system are 

25 provided exclusively by a single manufacturer, and entire systems can be readily 

obsoleted, so that the market will have to purchase a complete unit rather than merely 
replacement software. Also, competitors cannot easily provide a single game that can 
be played on different hardware. A solution to this problem is presented in our co- 
pending application for Video Gaming Apparatus for Wagering with Universal 

30 Computerized Controller and I/O Interface for Unique Architecture, assigned serial 
number 09/405,921, filed September 24, 1999, and application serial number 
09/847,051, filed May 1, 2001 (having the same title), the disclosures of which are 
incorporated herein by reference. 
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The invention of computerized gaming systems that includes a common or 
universal video wagering game controller that can be installed in a broad range of 
video gaming apparatus without substantial modification to the game controller has 
made possible the standardization of many components and of corresponding gaming 
5 software within gaming systems. Such systems desirably will have functions and 
features that are specifically tailored to the unique demands of supporting a variety of 
games and gaming apparatus types, and will do so in a manner that is efficient, secure, 
and cost-effective. 

In addition to making communication between a universal operating system and non- 

10 standard machine devices such as coin hoppers, monitors, bill validators and the like 
possible, it would be desirable to provide security features that enable the operating 
system to verify that game code and other data has not changed during operation. 

Alcorn et al. U.S. Patent 5,643,086, as mentioned above, describes a gaming 
system that is capable of authenticating an application or game program stored on a 

15 mass storage media device such as a CD-ROM, RAM, ROM or other device using 
hashing and encryption techniques. The mass storage device may be located in the 
gaming machine, or may be external to the gaming machine. This verification 
technique therefore will not detect any changes that occur in the code that is executing 
because it tests the code residing in mass storage prior to loading into RAM. The 

20 authenticating system relies on the use of a digital signature and suggests hashing of 
the entire data set during the encryption and decryption process. See also, Alcom et 
al. U.S. Patent 6,106,396 and Alcorn et al. U.S. Patent 6,149,522. In particular, U.S. 
Patent No. 6,149,522 describes a method for authentication of a casino game data set 
that, in its broadest concept, requires a) providing a data set for a casino game, b) 

25 computing a primary abbreviated bit string that is unique to the data set, c) encrypting 
the unique abbreviated bit string data set to provide a signature, and d) storing the 
casino data set and the signature. 

In any computer based gaming apparatus, the security of the device and its 
computer system is extremely important. Operating a security system should be 

30 minimally obtrusive in the operation of the games. The internal security systems 

described above are only one useful method of providing some level of security to the 
gaming devices. Externally accessible security systems are also desirable. Among 
commercially available security systems are a series of gaming system validators sold 
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by Kobetron™ Inc. (including at least the Kobetron™ GI-3000) and by DATAMAN, 
Ltd. (including at least the S4 Validator security system). Both of these systems 
operate in substantially the same manner. The gaming device is powered down, the 
device is opened, a memory chip (e.g., an EPROM) is removed from the hardware in 
5 the device, the memory chip is inserted into the validation device (usually a hand-held 
device), the memory chip is read and/or interrogated by the validation device, and 
after validation has been achieved, the memory chip is reinserted into the gaming 
device and the gaming device is powered up to enable use of the gaming device by a 
player. This manual operation must be performed on each individual gaming device 

10 and requires the operator to take the machine out of service during the process. It is 
desired to have a more easily implemented security system that is less intrusive on the 
play time of the apparatus. 

It is further desired by the inventors that the security system and any game 
program code be identifiable as certified or approved, such as by the Nevada Gaming 

1 5 Regulations Commission or other regulatory agency. 

THE INVENTION 

The present invention relates to hardware systems or gaming engines (and 
associated software and additive components) that may be constructed in or added to 

20 gaming systems, including both computer assisted table gaming systems, reel slot 

gaming systems and video gaming systems to assist in or effect authentication of data 
within gaming systems. The gaming engine includes a least one information storage 
medium that is connected to communicate with a separate processing intelligence. 
The connection must at least enable communication between the information storage 

25 medium and the processing intelligence. The processing intelligence is itself 

communicatively connected to a processor, such as a host computer and especially a 
gaming computer. In the gaming industry, the storage medium generally associated 
with a gaming engine has write protection. This protection may be provided, for 
example, by operation of the processing intelligence preventing writing onto the 

30 storage medium, a firewall-type system, hardware and/or software providing write 
protection to the storage medium, or any other form of write protection. An alarm 
system may be provided so that if the storage memory is written upon after 
installation, an alarm is set-off, but the primary defense is to provide write-prevention 
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into the system. The storage medium may also be Read Only Memory (ROM, 
EPROM, etc.) which inherently prevents write protection after installation. The 
memory can be writable memory (such as a hard drive, CD-Rom, Flash memory and 
the like), but the processing intelligence is programmed to prevent any writing, or any 
5 unauthorized writing into memory. The processing intelligence is typically 
accompanied by associated memory, either the intelligence, the memory or both 
containing or providing an authentication function or process to authenticate data on 
the storage medium. Authentication can be performed entirely within the gaming 
engine or system without any external reading or implements, or the specific design of 

10 the system may use or require external access, activation or intelligence. In one 

preferred form of the invention, any external activity should not be able to write onto 
the storage medium so that the write-protection is maintained. In another form of the 
invention, the content of the storage medium may be downloadable from an external 
secure source, such as a casino computer system network. 

15 The invention provides hardware, systems, devices, an architecture and 

methods for a wagering game-specific platform that features secure storage and 
verification of data, including game code, other executable code and any non- 
executable files, provides the optional ability to securely externally exchange data 
with a computerized wagering gaming system, provides the optional ability to 

20 communicate with a device external to the gaming machine to transmit data and 

verification information, and does so in a manner that is straightforward and easy to 
manage. External exchange of information is a relative term that must be explained in 
the practice of the invention. For purposes of this disclosure, "direct external 
exchange" is defined as information exchanged between an external device or system 

25 and a security device positioned within the gaming machine, without any opening of 
the game housing and without any unique implement being inserted through a port or 
special physical information connection. Examples of this communication technique 
would be through radio frequency (RF) exchange, infrared exchange, magnetic field 
exchange and the like. A "semi-direct external exchange" for purposes of this 

30 disclosure would be information exchange between an external device or system and a 
security device positioned within the gaming machine, the information exchange 
occurring through a port or other physical access built into the system so that access 
may be connected without opening the game housing or without opening the In- 
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Circuit Validation (hereinafter "ICV") insert. A cable, wire, pin connection, fiber 
optic or other communication port can be used in this semi-direct external exchange. 
An "indirect external exchange" for purposes of this disclosure requires that the 
housing be opened and storage media removed and/or the housing is opened and an 
5 ICV insert be opened to gain physical communication connection to the memory. 
This might require removing a chip, such as an EPROM chip, so that the chip may be 
separately examined for verification. Or, it might require placing a bridge between 
the EPROM chip and the circuit board, for example. Some embodiments of the 
invention provide the ability to identify game program code as certified or approved, 

10 such as by the Nevada Gaming Regulations Commission or other regulatory agency. 
The invention provides these and other functions by use of various electronic devices 
and elements for performing various forms of verification, including hashing, 
encryption, authentication, and the verification of digital signatures, using a device 
that is attached (e.g., internally embedded, externally attached, internally attached or 

1 5 distally connected to a computer or housing, etc.) in or to the gaming device and that 
accesses digital signatures, encrypted files, encrypted compiled files and hash 
functions as well as using other authentication methods to verify data. Such functions 
are able to be effected and security and validation performed advantageously to data 
prior to loading into various memory devices in the gaming machine (such as RAM 

20 and NVRAM) and preferably occurs while the ganyng machine is in operation. 

In a first embodiment within the generic concept of the invention, an 
Externally Accessible Pass Through Security Device, hereinafter referred to as an 
EAPTSD (e.g., with a microprocessor) is described as follows. The EAPTSD is 
preferably a device that is distinct from the host computer and is installed in 

25 communicative connection with the gaming apparatus, for example, between the host 
gaming computer and an at least one storage media, within the gaming machine 
cabinet. In this example of one alternative embodiment of the invention, the 
EAPTSD acts as a information gate, and will only allow the host processor to access 
and load data residing on the storage media that has first been verified. The EAPTSD 

30 also prevents the host computer or an external device from writing to the memory, if 
the memory is writable memory. In one preferred example of the invention, the 
storage media is writable flash memory. The EAPTSD is optionally accessible from 
an external communication device such as a hand-held data verification device. The 
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data passing through the EAPTSD to the external communication device may be 
capable of direct data exchange or semi-direct data exchange. 

In a second embodiment within the generic concept of the invention, the entire 
authentication system (including the processing intelligence and associated memory 
5 that validates data stored on at least one storage media and at least one storage media 
is included within an internal and enclosed housing component that is installed within 
the gaming housing and placed into communicative connection with the controller. In 
this embodiment, the entire authentication system preferably resides in a sealed 
internal compartment that can be visualized by a regulator or technician as being 

10 tamper evident. The system components included within the internal housing 

component also preferably include hardware or hardware and software that blocks 

writing onto the storage medium. This internal housing and its functional components 

may be communicatively connected to the controller or computer, by means of a 

physical connection, for example a pin structure that would allow the device to be > 

15 plugged into a hard drive port in a computer. This encased system is referred to in the 
practice of the present invention as a secure disk or Secure Disk™ (2002, Shuffle 
Master, Inc.) authentication system. 

In a third embodiment within the generic practice of the invention, a Read 
Only Memory board that is pinned to plug into a hard drive port is communicatively 

20 connected to a processing intelligence function (which may be a hard drive processor 
or other processor or microprocessor separate from the host computer, and may 
exclude an actual hard drive storage media as long as the processing or controlling 
function is provided, such as by a programmable memory chip). This form of system 
is referred to as an Integrated Device Electronics ROMDISK system or IDE 

25 ROMDISK system. 



Figure 1 shows a computerized wagering game apparatus such as may be used 
to practice some embodiments of the present invention. 

Figure 2 shows a diagram of a networked computer connected to certain 
30 components comprising a portion of a computerized wagering game apparatus, 
consistent with some embodiments of the present invention. 

Figure 3 is a diagram of a process of creating a signature for a loadable data 
set, utilizing a public/private key algorithm. 
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Figure 4 is a diagram of a process for verifying a loadable data set has not 
changed during operation of the gaming device. 

Figure 5 is a block diagram illustrating one exemplary embodiment of a 
gaming system according to the present invention. 
5 Figure 6 is a diagram illustrating one exemplary embodiment of a process for 

preparing a game data set for authentication according to the present invention. 

Figure 7 is a diagram illustrating one exemplary embodiment of a game data 
set and key used in a gaming system according to the present invention. 

Figure 8 is a diagram illustrating one exemplary embodiment of a message 
10 authentication code process used in a gaming system according to the present 
invention. 

Figure 9 is a diagram illustrating one exemplary embodiment of a control file 
used in a gaming system according to the present invention. 

Figure 10 is a diagram illustrating one exemplary embodiment of a process for 
15 encrypting a control file for use in a gaming system according to the present 
invention. 

Figure 1 1 is a diagram illustrating one exemplary embodiment of a process for 
authenticating a game used in a gaming system according to the present invention. 

Figure 12 is a diagram illustrating one exemplary embodiment of a process for 
20 verifying a game program in a gaming system according to the present invention. 

Figure 13 shows a second generation intelligent chip validation (IVC) system 
that can be installed as a distinct unit within the gaming apparatus and 
communicatively connected to a controller or computer. 

Figure 14 shows a third generation IVC system having the authentication 
25 program embedded outside of the controller or computer. 



In the following detailed description of embodiments of the invention, 
reference is made to the accompanying drawings that form a part hereof, and in which 
is shown by way of illustration specific sample embodiments in which the invention 
30 may be practiced. These embodiments are described in sufficient detail to enable 
those skilled in the art to practice the invention, and it is to be understood that other 
embodiments may be utilized and that logical, mechanical, electrical, and other 
changes may be made without departing from the spirit or scope of the present 



13 



WO 03/045519 



PCT7US02/38054 



invention. The following detailed description is, therefore, not to be taken in a 
limiting sense, and the scope of the invention is defined only by the appended claims. 

The practice of the invention includes the use of a device that can be installed 
inside of a gaming device and that can be accessed by a device or system located 
5 outside of the gaming machine. The system may or may not require a physical data 
port. For example, the device may be accessed by a pin connection or an RF signal. 
A second external device or computer system may be plugged into the port or may 
access data by any other known means or systems in a gaming machine. The second 
device communicates with the externally accessible memory device (EAPTSD) to 

10 verify and authenticate data such as information or code in mass storage while the 
machine is powered up or running. The EAPTSD can either continuously monitor the 
storage media or will verify and/or authenticate on request (for example, at the request 
of a gaming agent) the content of the storage media. For example, the device may be 
programmed to verify the data every 10 minutes, every 5 minutes, every 1, 2, 3, or 4 

15 minutes or other fixed or variable time interval (e.g., changing with time of day or rate 
of use), and upon accessing the information with the second external device or 
external computer system (such as a network), the EAPTSD is programmed to display 
the last verification output. Alternately, the verification is repeated when the second 
external device and/or system prompts the EAPTSD to do so. Preferably the device 

20 will generate a signal that is an indication that the code has been corrupted, or that the 
code is still the same and is uncorrupted. This signal can be monitored by the second 
device, a host computer acting as the second device, the processing intelligence, or a 
centralized monitoring system. 

In a first embodiment of the invention, an Externally Accessible Pass Through 

25 Security Device, hereinafter referred to as an EAPTSD (e.g., with a microprocessor) 
is installed in communicative connection with the gaming apparatus, for example, 
between the gaming computer and the storage media within the gaming machine 
cabinet. For example, the EAPTSD may be communicatively between the gaming 
computer and the storage media, so that the gaming computer must pass data through 

30 the EAPTSD to communicate with the storage media. The physical location of the 
EAPTSD is not critical, and the EAPTSD may be inside the housing (i.e.-the 
cabinet), on the door of the housing, outside the housing, insertable into a connecting 
port on the housing, or communicatively positioned at or with an external computer 
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(e.g., a pit computer, central computer, or mainframe, etc.). If located outside of the 
housing and associated with a separate computer, the EAPTSD may be 
communicatively positioned in or with the pit computer or host computer or other 
networking computer. In that manner, a single EAPTSD may be used for a host of 
5 gaming devices. The gaming computer communicates with the storage media through 
the EAPTSD, essentially without the gaming computer or the memory storage being 
aware of the presence of the EAPTSD. The EAPTSD reads and may evaluate 
information being transmitted between the gaming computer and the storage media 
and may selectively store transmitted information, and may approve, disapprove or 

10 authenticate unique information (e.g., disallowing any unauthorized attempts to write 
on the storage media). 

The EAPTSD has the ability to validate the storage media during the regular 
operation of the gaming computer without intervention or other interaction from the 
gaming computer. The EAPTSD therefore advantageously does not interfere with the 

1 5 processing capability of the game computer. This validation mechanism can be 

triggered at regularly occurring intervals, in response to communication between the 
gaming computer and the storage media, or by an external controller through an 
external communication port or by means of wireless connection. This validation 
mechanism is independent of the content, formatting or usage of the storage media or 

20 the system as a whole. The EAPTSD can potentially be used on any system that has a 
computer, storage media and the need for validation of the content of the storage 
media. Thus, the present invention does have a field of utility outside the scope of the 
gaming industry. For example, the device could be used with ATMs, credit devices, 
security systems (as with entry security systems), vehicle access (airplane, boat, 

25 automotive access) systems, and the like. 

For purposes of this disclosure, the term "data" includes executable as well as 
non-executable code, and raw data such as data files and the like. In one embodiment, 
the EAPTSD of the present invention provides a method of preparing a game data set 
for authentication. The method includes providing a game data set. A data 

30 authentication program, process, apparatus, system and code that are unique to the 
combination of the game data set and the encoding/encryption applied is determined. 
In one example of the invention, the game data set, the encoded game data set and the 
message authentication code are validated by the EAPTSD. In another embodiment, 
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the present invention provides a method of authenticating information, including a 
game and game and operational components used in a gaming system. The method 
includes creating and receiving an encrypted control file. The encrypted control file is 
decrypted to provide a control file. The control file includes a set of program files, 
5 file names, a set of message authentication codes including a message authentication 
code unique to each program file, and at least one message authentication code key. 
The original control file is used by the EAPTSD to authenticate the game. 

In another embodiment, the present invention provides the externally 
accessible memory device in combination with a gaming system. The gaming system 

10 in this example includes nonvolatile memory. A control file is stored in the 

nonvolatile memory. The control file includes a game data set, at least one message 
authentication code unique to the game data set, and at least one message 
authentication code key. A game controller is provided, wherein the game controller 
operates to selectively authenticate the game data set during operation of the gaming 

15 system. 

In another embodiment, the present invention provides the externally 
accessible pass through security EAPTSD in combination with a gaming system. The 
gaming system includes at least one nonvolatile memory device such as NVRAM. 
An encrypted control file is stored in the nonvolatile memory. The encrypted control 

20 file includes a set of program file names, a message authentication code unique to 
each program file, and at least one message authentication code key. A gaming 
controller is provided, wherein the gaming controller operates to decrypt the 
encrypted control file and authenticate the gaming program files during operation of 
the gaming system. Gaming system devices are provided in communication with the 

25 gaming controller via a gaming system interface. Various aspects of the invention 
may be described as including an authentication enabling system for an electronic 
gaming system comprising: at least one information storage medium 
communicatively connected to processing intelligence; the processing intelligence 
communicatively connected to a gaming computer; wherein the at least one 

30 information storage medium is write protected or has read only memory; and the 

processing intelligence contains an authentication function to authenticate data on the 
at least one information storage medium. The authentication enabling system may 
have an outlet port provided on the system to enable read out of results of 
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performance of the authentication function. The system may have a memory storage 
element that must be directly accessed to enable read out of results of performance of 
the authentication function. The authentication is preferably a continuous function or 
at least a closely spaced periodic function (e.g., after performance of one verification 
5 cycle, recycling the process at least every half hour, at least every fifteen minutes, at 
least every five minutes, at least every one minute, at least every 30 seconds, at least 
every fifteen seconds, at least every 10 seconds, at least every five seconds, at least 
every second, etc.). It is a preferred structure of the system to have the at least one 
information storage medium and the processing intelligence contained within a single 

10 housing that does not contain gaming peripherals. Gaming peripherals, for example, 
include coin changers, video screens, audio speakers, currency acceptors, manual 
controls (e.g., levers, joy sticks, buttons, touch screens, etc.) and other components 
that are physical systems peripheral to game play. It is preferred to have the at least 
one intelligence storage medium as read only memory, and even to have all of the 

1 5 intelligence storage medium within the single housing as read only memory. One 
preferred type of memory is flash memory. The term "single housing" is used to 
distinguish the container or box with the system in it from the gaming apparatus 
housing. The authentication system is preferably provided in an apparatus having a 
reel slot gaming display or a video gaming display comprising a housing containing 

20 the authentication enabling system and a separate host game computer. .For example, 
a gaming apparatus may comprise a gaming machine housing, a game computer, a 
storage media having at least some type of casino game information or data stored 
thereon, an external accessible port or wireless connection, and an externally 
accessible pass through security device that can be accessed through the external 

25 accessible port or wireless connection, the externally accessible pass through security 
device being capable of enabling verification of at least some casino game 
information. The gaming apparatus may also be described as comprising a housing, a 
game computer having memory, a storage media having at least some casino game 
information or data, an externally accessible communication port or wireless 

30 connection, and communicatively between the game computer and the storage media 
an externally accessible pass through security device that can be accessed through the 
externally accessible port or wireless connection, the externally accessible pass 
through security being capable of enabling verification of casino game information or 
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data. In these last two systems in gaming apparatus housing, for example, the game 
computer may communicate with storage media through the externally accessible pass 
through security and the EAPTSD allows communication through the externally 
accessible communication port or wireless connection to or from the storage media 
5 while preventing external communication to the game computer. The gaming 
apparatus may have the externally accessible pass through security preventing 
communication through the externally accessible communication port from writing on 
the storage media. Alternatively or additionally, the externally accessible pass 
through security allows communication to storage media with approval of the 

10 communication content. The gaming apparatus may have the externally accessible 
pass through security allow communication between the host computer and the 
storage media and prevent such communication from writing on storage media. The 
gaming apparatus may have verification communication through the external 
addressable communication port to externally accessible pass through security, 

1 5 allowing verification communication to storage media with no contemporary 
verification communication from the game computer to the storage media. The 
gaming apparatus may be programmed so that extant verification communication 
between the externally accessible pass through security and the storage media may 
pause when game communication is initiated by the game computer to the storage 

20 media. The gaming apparatus may also be programmed so that extant verification 
communication between the externally accessible pass through security and the 
storage media pauses when game communication is initiated by the game computer to 
the storage media. This may be effected where verification communication that has 
been paused, continues or reinitiates when game communication ceases between the 

25 game computer to the storage media. The gaming apparatus may have a 
microprocessor that can be externally connected to the externally accessible 
communication port, and verification of casino game information is performed on a 
microprocessor that is externally connected to the external addressable 
communication port. 

30 A method of verifying casino gaming data in a computer-based gaming 

apparatus according to the invention may comprise connecting a computer 
communication device to an external communication port on a casino gaming 
apparatus so that the computer communication device is in communication with a) a 
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security device inside of the gaming apparatus that authenticates data on information 
storage media within the apparatus and is distinct from a game computer and the 
information storage media in the gaming apparatus, and the computer communication 
device authenticates casino gaming data in storage media. This method may have the 
5 security device continuously authenticating casino gaming data in storage media. The 
method may be executed wherein so that while the computer communication device is 
in communication with storage media and the gaming computer communicates with 
storage media, communication between the computer communication device and the 
storage media pauses or ceases. The method may operate so that when 

10 communication between the gaming computer and the storage media ceases, 

communication between the computer communication device and the storage media 
begins or continues. The method may be practiced wherein the computer 
communication device is in communication with a security device inside of the 
gaming apparatus is distinct from a game computer and storage media in the gaming 

15 apparatus and the security device is in communication with the storage media. The 
method may provide the computer communication device in communication with a 
security device inside of the gaming apparatus while the gaming apparatus is powered 
up and/or wherein the computer communication device is in communication with a 
security device inside of the gaming apparatus while the gaming apparatus is 

20 executing a casino game. 

An alternative way of describing a method according to the invention is as a 
method of verifying casino gaming data in a computer-based gaming apparatus 
comprising connecting a computer communication device to an external 
communication port or wireless connection on a casino gaming apparatus so that the 

25 computer communication device is in communication with a security device inside of 
the gaming apparatus that is distinct from a game computer and storage media in the 
gaming apparatus, and the security device verifies casino gaming data in storage 
media. The method may be practiced wherein the security device communicates 
verification of casino gaming data to the computer communication device, the host 

30 computer or both. This may be practiced while the computer communication device 
is exchanging verification information with the security device storage media and the 
gaming computer communicates with storage media, communication between the 
computer communication device and the storage media pauses or ceases. 
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Additionally the method may be practiced wherein the computer communication 
device is in communication with the security device and the security device is in 
communication with the storage media and the security device is not in 
communication with the gaming computer. Alternatively the computer may be a 
5 communication device in communication with the security device inside of the 
gaming apparatus while the gaming apparatus is powered up, and/or wherein the 
computer communication device is in communication with the security device inside 
of the gaming apparatus while the gaming apparatus is executing a casino game. 

The externally accessible pass through security (EAPTSD) may optionally be 

10 designed to prevent writing to writable memory storage, such as the compact flash, or 
nonwritable media such as CD ROM, or any other mass storage device. This would be 
particularly desirable to gaming agents. The EAPTSD may be activated or accessed 
by an external controller. The external controller or device may be a hand-held 
device, or a connection through a network (e.g., through a cable or RF transmission) 

15 to a stand-alone device, such as a host computer or central computer. Upon 

activation, the content of the mass storage device is outputted (e.g., in serial form), 
and a signature or other verifiable code created. The signature or code is then 
compared with known signatures or code to determine if there is a match. 
Alternatively, the signature or other verifiable code may be created in the EAPTSD 

20 . and the signature is sent to the external controller for matching in its database of 

known signatures. The validator in some embodiments can also have connectors for 
or may be designed to work exclusively with (again with external access through an 
external hard wired or wireless port on the gaming device) other types of storage 
devices such as EPROMS, chips (e.g., Pick chips), circuit boards, logic devices, 

25 memory devices, and the like and is capable of verifying data on that media also. 

The EAPTSD may or should be able to verify at a "lower level" than the 
encryption methods we have described in commonly assigned three pending 
applications, all entitled "Encryption (Authentication) in a Secure Computerized 
Gaming System", assigned serial number 09/520,404, filed on March 8, 2000, PCT 

30 application PCT/US0 1/07381, filed March 8, 2001 and application serial number 
09/949,021 filed September 10, 2001 (which applications are incorporated herein by 
reference) and U.S. Patents Nos. 5,643,086; 6,149,522; and 6,106,396 (which are also 
incorporated herein by reference), and that any of those encryption methods may be 
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used in combination with the EAPTSD to secure any or all of the data. Since the 
technique uses separate intelligence to perform the verification step, the process does 
not tax the resources of the host computer and does not interfere with the performance 
of the machine. The verification can therefore advantageously occur simultaneously 
5 with boot up and therefore increase the speed in which the machine becomes ready for 
operation. 

In one example of the invention, all of the encryption and authentication 
capabilities reside in the EAPTSD. The EAPTSD can utilize any of the encryption 
techniques described above and incorporated herein by reference. In another 

10 example, the "lower level" security takes place in the EAPTSD, and higher level 
security is in the operating system, (or "O/S"), as described in the above patents and 
applications. It appears that it is most desirable to verify only code that is going to be 
read by the gaming machine, instead of all of code and memory. Some of the above- 
described encryption techniques can zero out all unused storage, which might address 

1 5 some of the issues raised below (in the discussion of why it is undesirable to verify all 
of the code). 

The present invention may use an EAPTSD in various embodiments in 
combination with a structure that provides an architecture and method for a universal 
operating system that features secure storage and verification of game code, game 

20 data and other code and/or data, provides the ability to securely exchange data with a 
computerized wagering gaming system, and does so in a manner that is 
straightforward and easy to manage. Some embodiments of the invention provide the 
ability to identify game program code as certified or approved, such as by the Nevada 
Gaming Commission or other regulatory agency. The invention provides these and 

25 other functions by use of authentication, including digital signatures and hash 

functions as well as other encryption or authentication methods to data being verified. 
Because hash functions and other encryption methods are employed widely in the 
present invention, they are introduced and discussed below. 

"Hash functions" for purposes of this disclosure are a type of function that 

30 generates a unique data string from a specific set of data, typically of fixed length 
from variable strings of characters or text. The data string generated is typically 
substantially smaller than the text string itself, but is long enough that it is unlikely 
that the same number will be produced by the hash function from different strings of 
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text (e.g., up to 230 integers, 260 integers, 2100 integers, 2160 integers or more). The 
formula employed in the hash function must also be chosen such that it is unlikely 
that different text strings will produce the same hash value. An example of a suitable 
hash function is a 160 bit SHA hash. Regardless of file size, the hash value will be 
5 160 bits in length. 

The hashed data string is commonly referred to as a "message digest." A 
message digest can be stored for future use, or encrypted and then stored in 
nonvolatile memory, for example. 

Hash functions are often used to hash data records to produce unique numeric 
10 values corresponding to each data record in a database, which can then be applied to a 
search string to reproduce the hash value. The hash value can then be used as an 
index key, eliminating the need to search an entire database for the requested data. 
Some hash functions are known as one-way hash functions, meaning that with such a 
function it is extremely difficult to derive a text string that will produce a given hash 
1 5 value, but relatively easy to produce a hash value from a text string. This ensures that 
it is not feasible to modify the content of the text string and produce the same hash 
value. 

Such a function can be used to hash a given character string and produce a 
first hash value that can later be compared to a second hash value derived from the 
20 same character string, to ensure the character string has not changed. 

If the character string has been altered, the hash values produced by the same 
hash function will be different. The integrity of the first hash value can be protected 
against alteration by use of other encryption methods such as the use of a digital 
signature. 

25 Digital signatures are employed to sign electronic documents or character 

strings, and ensure that the character string has not been altered since signing. Digital 
signatures typically are employed to indicate that a character string was intentionally 
signed with an unforgeable signature that is not reusable with another document, and 
that the signed document is unalterable. The digital signing mechanism or method is 

30 designed to meet these criteria, typically by using complex mathematical encryption 
techniques. 
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One example is use of a public key/private key encryption system to sign a 
document. In a public key/private key system, a user has a pair of keys, either of 
which may be used to encrypt or decrypt a document. The public key is published 
or distributed in a manner that reasonably ensures that the key in fact belongs to the 
5 key owner, and the private key is kept strictly secret. If someone wishes to send a 
character string that only a certain person may read, the character string is encrypted 
before sending using the intended reader's public key. The character string is then 
visible only by using the intended reader's private key to decrypt the character string. 
However, if a user wishes to send a character string in such a manner that the 

10 document is virtually guaranteed to be the authentic document created by the sender 
but essentially anyone can read it, the user can sign the document by encrypting it 
with his private key before sending. Anyone can then decrypt the document with the 
signer's public key that is typically widely distributed, and can thereby verify that the 
character string was signed by the key pair owner. This exemplary embodiment 

1 5 meets the requirements of a digital signature, ensuring that a character string was 
intentionally signed with an unforgeable signature that is not reusable with another 
document, and that the signed document is unalterable. 

Because encryption of large character strings such as large computer programs 
or long text documents can require a substantial amount of time to encrypt and 

20 decrypt, some embodiments of digital signatures implement one-way hash functions. 
In one such embodiment, the signer uses a known one-way hash algorithm to create a 
hash value for the character string, and encrypts the hash value with his private key. 
The document and signed hash value are then sent to the recipient, who runs the same 
hash function on the character string and compares the resulting hash value with the 

25 hash value produced by decrypting the signed hash value with the signer's public key. 
Such a method provides very good security, as long as the hash function and 
encryption algorithm employed are suitably strong. 

Encryption of data via a public key/private key system is useful not only for 
producing digital signatures, but also for encryption of data before sending or storing 

30 the data or to keep data secure or secret in other applications. Similarly, symmetric 
encryption techniques which rely on encryption and decryption of the same single 
secret key may be applied to such applications. For example, transmission of 
program data between a network server and a computerized wagering game apparatus 
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may be secured via a symmetric encryption technique, and the program data received 
in the game apparatus may be verified as approved by a regulatory agency via a 
digital signature employing hash functions and public key cryptography before 
execution. 

5 Other encryption methods and formulas exist, and are also usable consistent 

with the present invention. Some symmetric encryption methods, such as DES (Data 
Encryption Standard) and its variants rely on the secrecy of a single key, and so may 
not be adaptable to those specific methods described as a narrow practice within the 
generic scope of the present invention herein that require a key pair with a public key. 

10 A variety of other authentication methods, such as RSA and Diffie-Hellman are 

consistent with public/private key methods, and are usable in these methods. Various 
hash functions may also be employed, such as MD5 or SHA, and will be useful in 
many aspects consistent with the present invention so long as they are sufficiently 
nonreversible to be considered one-way hash functions. Various authentication 

1 5 methods will also provide varying degrees of security, from those that are relatively 
easy to defeat to those that are extremely difficult to defeat. These various degrees of 
security are to be considered within the scope of authentication methods consistent 
with this application, including various degrees of security that may to varying 
degrees of probability make encrypted data unforgeable, unreadable, or the like. A 

20 variety of authentication methods exist and are expected to be developed in the future, 
all of which are likely to be employable in some aspect consistent with the present 
invention, and are within the scope of the invention. 

Figure 1 shows an exemplary gaming system 100, illustrating a variety of 
components typically found in gaming systems and how they may be used in 

25 accordance with the present invention. User interface devices in this gaming system 
include push buttons 101, joystick 102, and pull arm 103. The device could also 
include a touch screen (not shown). Credit for wagering may be established via coin 
or token slot 104, a device 105 such as a bill receiver or card reader, a ticket reader, a 
player tracking card, or any other credit input device. A card reader 105 may also 

30 provide the ability to record credit information on a user's card when the user has 

completed gaming, or credit may be returned via a coin tray 106 or other credit return 
device. Credit status may also be transmitted to a central computer system. 
Information is provided to the user by devices such as video screen 107, which may 
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be a cathode ray tube (CRT), liquid crystal display (LCD) panel, plasma display, 
light-emitting diode (LED) display, or other display device that produces a visual 
image under control of the computerized game controller. Also, buttons 101 may be 
illuminated to indicate what buttons may be used to provide valid input to the game 
5 system at any point in the game. Still other lights or other visual indicators may be 
provided to indicate game information or for other purposes such as to attract the 
attention of prospective game users. Sound is provided via speakers 108, and also 
may be used to indicate game status, to attract prospective game users, or for other 
purposes, under the control of the computerized game controller. 

10 The gaming system 100 further comprises a computerized universal game 

controller 1 1 1 and I/O interface 1 12, connected via a wiring harness 1 13. The 
universal game controller 1 1 1 need not have its software or hardware designed to 
conform to the interface requirements of various gaming system user interface 
assemblies, but can be designed once and can control various gaming systems via I/O 

15 interfaces 1 12 designed to properly interface an input and/or output of the universal 
computerized game controller to the interface assemblies found within the various 
gaming systems. Examples of suitable universal game controllers and I/O interface 
designs are described in commonly assigned application serial number 09/405,921, 
filed September 24, 1999 and application serial number 09/847,051, the disclosures of 

20 which are herein incorporated by reference. 

In some embodiments, the universal game controller 1 1 1 is a standard IBM 
Personal Computer-compatible (PC compatible) computer. Still other embodiments 
of a universal game controller comprise general purpose computer systems such as 
embedded controller boards or modular computer systems. Examples of such 

25 embodiments include a PC compatible computer with a PC/1 04 bus, which is an 
example of a modular computer system that features a compact size and low power 
consumption while retaining PC software and hardware compatibility. The universal 
game controller provides all functions necessary to implement a wide variety of 
games by loading various program code on the universal controller, thereby providing 

30 a common platform for game development and delivery to customers for use in a 

variety of gaming systems. Other universal computerized game controllers consistent 
with the present invention may include any general-purpose computers that are 
capable of supporting a variety of gaming system software, such as universal 



25 



WO 03/045519 



PCTYUS02/38054 



controllers optimized for cost effectiveness in gaming applications or that contain 
other special-purpose elements yet retain the ability to load and execute a variety of 
gaming software. 

In yet other embodiments, the universal controller with security features can 
5 be used for other applications, including controlling networked in-line systems such 
as progressive controllers and player tracking systems. The invention can also be 
used for kiosk displays and creating picture in picture features on a video display. 

The universal computerized game controller of some embodiments is a 
computer running an operating system with a gaming application-specific kernel such 

10 as a customized Linux kernel. In further embodiments, a system handler application 
layer of code executes within the kernel, further providing common game 
functionality to the programmer. The game program in such embodiments is 
therefore only a fraction of the total code, and relies on the system handler application 
layer and kernel to provide commonly used gaming functions. Still other 

15 embodiments will have various levels of application code, ranging from embodiments 
containing several layers of game-specific code to a single-layer of game software 
running without an operating system or kernel but providing its own computer system 
management capability. 

Figure 2 illustrates a networked computer connected to selected devices that 

20 comprise a part of a computerized wagering game apparatus, as are used in various 
embodiments of the present invention. The computerized game controller 201 has a 
processor 202, memory 203, and nonvolatile memory 204. One example of 
nonvolatile memory is a flash disk on chip (hereinafter "flash disk"). The flash disk is 
advantageously read/write, yet retains information stored on disk upon power down. 

25 Attached to the computerized game controller of some embodiments is a mass storage 
device 205, such as a CD ROM, and a network interface adaptor 206. The network 
interface adaptor is attached to a networked computer 207 via network connection 
208. The various components of Figure 2 exist within embodiments of the invention, 
and are illustrated to show the manner in which the various components are 

30 associated. 

The computerized wagering game controller of the invention is operable to 
control a computerized wagering game, and is operable to employ encryption in 
various embodiments to provide data security. The computerized game controller 201 
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in some embodiments is a general-purpose computer, such as an IBM PC-compatible 
computer. The game controller executes an operating system, such as Linux or 
Microsoft Windows, which in further embodiments is modified to execute within the 
computerized gaming apparatus. The computerized game controller also executes 
5 game code, which may be loaded into memory 203 from either a mass storage device 
205 such as a hard disc drive, or nonvolatile memory 204 such as flash memory or 
EPROM memory before execution. In some embodiments, the computerized game 
controller 201 loads encryption functions into memory 203, and those functions are 
subsequently executed to securely load other gaming system data from the mass 

1 0 storage device 205. 

In further embodiments, the computerized game controller exchanges data 
with a networked computer 207 via a network connection 208 and a network interface 
adapter 206. Data exchanged via the network connection is encrypted in some 
embodiments of the invention, to ensure security of the exchanged data. The data to 

1 5 be exchanged in various embodiments comprises game program data, computerized 
gaming apparatus report data, data comprising commands to control the operation of 
the computerized gaming apparatus, and other computerized gaming apparatus data. 
Employing encryption in exchanging such data provides a degree of security, ensuring 
that such data is not altered or forged. 

20 The invention may employ the EAPTSD in combination with authentication, 

including hash functions, symmetric encryption, zero knowledge proof sequences, and 
public key/private key encryption in various embodiments, which provides a degree 
of confidence that data utilized by the computerized gaming system and protected by 
encryption in accordance with the invention is not altered or forged. The data within 

25 the scope of the invention includes but is not limited to data comprising programs 

such as operating system or game program data, computerized gaming machine status 
data such as credits or other game state data, control instruction data for controlling 
the operation of the computerized gaming apparatus, and other computerized gaming 
machine data. 

30 One embodiment of the invention may use authentication programs that 

comprises the use of hash functions to calculate a reference hash value for selected 
data, which can later be compared to a hash value calculated from the same data or a 
copy of the data to ensure the data has not been altered. The hash functions employed 
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will desirably be one-way hash functions, to provide a greater degree of certainty that 
the reference hash value cannot be used in reverse to produce corresponding altered 
data. In a further embodiment, the data is hashed repeatedly by a continuously 
executing program thread that ensures that the data is not altered during the course of 
5 operation of the computerized wagering game. The data that is continuously hashed 
is in some embodiments is continuously hashed after being loaded into memory 203 
for use by the computerized game controller. 

If the reference hash value and the calculated hash value do not match, the 
computerized gaming apparatus will desirably provide some indication of the hash 

10 failure. In one embodiment, the game is brought to a locked or "tilt" state that 

prevents wagering upon a hash check failure. In a further embodiment, notification of 
the hash failure is sent to a networked computer 207 to alert the computer's user of 
the hash failure. In some embodiments, the computerized wagering game apparatus 
provides limited function to check the status of the game, including in further 

1 5 embodiments functions accessible only by operating controls within the computerized 
wagering game apparatus secure housing. 

In one embodiment, the operating system as described in copending 
application for Computerized Gaming System, Method and Apparatus, having Serial 
Number 09/520,405 and filed on the March 8, 2000, cooperates with a library of 

20 "shared objects" that are specific to the game application (the disclosure is herein 
incorporated by reference). For purposes of this disclosure, a "shared object" is 
defined as self-contained, functional units of game code that define a particular 
feature set or sequence of operation for a game. The personality and behavior of a 
gaming machine of the present invention are defined by the particular set of shared 

25 objects called and executed by the operating system. Within a single game, numerous 
shared objects may be dynamically loaded and executed. This definition is in contrast 
with the conventional meaning of a shared object, which typically provides an API to 
multiple programs. An API is defined as an Application Programming Interface, and 
includes a library of functions. 

30 The shared object code, as well as other data may be verified according to one 

embodiment of the present invention by first preparing a signature from data, as 
shown in Figure 3. The signature may be prepared by first hashing 210 the data set 
212 to create a message digest 214. The message digest is encrypted via an 
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encryption program that is stored on ROM utilizing a private/public key algorithm 
218, forming a unique signature 220. The data and signature are then stored on a 
mass storage device 222 such as a network storage device, hard drive, CD-ROM, 
RAM, flash disk or the like. 
5 In one embodiment, the shared objects for a particular application and their 

corresponding signatures are stored 224 in flash memory. The data on this flash 
memory is preferably verified by the device of the present invention. When the 
shared objects are called, it is copied into RAM, where it is hashed 226 utilizing 
higher level verification, on a frequent periodic basis. The shared objects may be 

10 hashed from flash memory, or loaded into RAM and then hashed from RAM. 

Utilizing a Linux, Unix or other similar operating system advantageously permits the 
location of data in RAM. Data verification in RAM has the distinct advantage that 
errors will be caught at the time they occur, rather than when the data is loaded or 
reloaded. The verification technique of the present invention advantageously prevents 

15 data from loading if it cannot be verified, and/or while running but as soon as an error 
is detected. This could save casinos untold amounts by avoiding the payment of 
jackpots and the like based on machine malfunction. Since hashing is a batch process, 
the process is not continuous. However, when the hashing takes relatively little time, 
such as 10 seconds for example, the process can repeat itself so that the data 

20 verification in RAM is in effect, continuous. 

The message digest 228 (as shown in Figure 4) created from hashing the 
shared object is preferably encrypted, as part of the higher level verification 
processes. A public key 238 is used to decrypt the message digest utilizing a first 
decryption program. The signature 240 stored in flash memory is decrypted using a 

25 second decryption program via a public key 234 and the values are compared 236. 
Although code verification of the gaming program shared objects has been described 
in detail above, code verification utilizing hash functions and signatures can be 
applied to verifying the authenticity of the Linux kernel, modular modifications to the 
kernel, the operating system, game state data, random number generation data and the 

30 like. As added security, the present invention contemplates zeroing out all unused 
RAM to verify that no data in the fonn of code or other data was intentionally or 
unintentionally inserted. 
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In various embodiments, selected data is protected with encryption by signing 
the data with a digital signature that is verified to ensure integrity of the data. In some 
embodiments, the digital signature comprises signing the selected data with a signer's 
private key such that the data can only be decrypted by using the corresponding public 
5 key. Because only the intended signer knows his private key and documents 
encrypted with other private keys cannot be decrypted with the intended signer's 
public key, successful decryption of data with the intended signer's public key 
provides a degree of certainty that the data was signed or encrypted by the intended 
signer. 

1 0 But, because public key/private key encryption algorithms typically take a 

relatively long time to encrypt large amounts of data, the encryption algorithm is more 
efficiently used in some embodiments to encrypt a unique characteristic of the data 
such as the hash value from a one-way hash function. In such an embodiment, the 
signer derives the reference hash value with a one-way hash function for the data to 

15 be signed, and encrypts the resulting hash value with his public key. One-way hash 
functions typically may be applied to data much more quickly than public key/private 
key algorithms, and so it is more desirable to process the entire data to be signed with 
a hash function than with a public key/private key algorithm. In some embodiments 
of the invention, only the hash value needs to be encrypted with public key/private 

20 key encryption, greatly reducing the time needed to sign or verify large amounts of 
data. To verify the signature, the hash value is decrypted with the intended signer's 
public key and the decrypted reference hash value is compared to a newly-computed 
hash value of the same data. If the reference hash value matches the newly-computed 
hash value, a degree of certainty exists that the signed data has not been altered since 

25 it was signed. 

In some embodiments using digital signatures, the digital signature is that of a 
regulatory agency or other organization responsible for ensuring the integrity of data 
in computerized wagering game systems. For example, the Nevada Gaming 
Regulations Commission may apply a signature to data used in such gaming systems, 

30 ensuring that they have approved the signed data. Such an embodiment will be useful 
to ensure that game code executing in these systems has been approved and not 
altered since approval, and provides security both to the game operator or owner and 
to the regulatory commission. In other embodiments, the digital signature is that of 
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the game code manufacturer or designer, and ensures that the game code has not been 
altered from its original state since signing. 

Secure storage of the reference hash values or public keys in the systems 
described above is important, because data can be more easily forged if the reference 
5 hash values or public keys used to verify the integrity of the data can also be altered. 
For this reason, the reference hash values, public keys, or other encryption key data is 
stored in nonvolatile memory 204. In some embodiments, the nonvolatile memory 
204 is a flash memory or EPROM that is programmable, but is not readily altered by a 
user of the computerized wagering game apparatus. The nonvolatile memory in such 

10 embodiments is reprogrammable, but reprogramming requires in various 

embodiments the use of special hardware, execution of restricted functions, or other 
secure methods. In other embodiments, the nonvolatile memory 204 is a 
programmable memory that is not alterable, requiring replacement of the nonvolatile 
memory each time new encryption key data is needed. Such embodiments have the 

1 5 advantage that the nonvolatile memory 204 must be physically removed and replaced 
to alter the data, providing a degree of access security and allowing visual verification 
of the identity of the nonvolatile memory and its contents. 

In still other embodiments, the encryption key data is stored on the mass 
storage device. Further embodiments include storage of the encryption key data 

20 embedded in encryption functions, storage in secure areas of a hard disc .drive mass 
storage device, or use of other security methods or storage means to protect the 
encryption key data. 

These encryption methods in some embodiments of the invention are also 
applied to computerized gaming system communication over a network. Data 

25 communicated over a network is in various embodiments of the invention verified by 
use of a hash function, verified by use of public key/private key encryption, verified 
by use of symmetric encryption, or verified by use of digital signatures. Also, a 
variety of key exchange or key negotiation protocols exist which in some 
embodiments of the invention provide the capability for a networked computerized 

30 gaming system to publicly agree with another networked computer system on 
encryption keys that may be subsequently used to communicate securely over a 
network. 
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Such network communication methods are utilized in the invention to provide 
for secure exchange of data between. computerized wagering game systems and other 
networked computer systems. For example, control commands that control certain 
aspects of the operation of the computerized wagering games are securely sent over a 
5 network in some embodiments of the invention. Such commands may include 
increasing odds of payout on selected computerized wagering game systems, or 
changing the game program that is executed on selected computerized wagering game 
systems at selected times of the day. The computerized wagering games in some 
embodiments securely report game data such as bookkeeping data to a networked 

1 0 computer 207 via encryption. In still other embodiments of the invention, wagering 
game program data is securely transmitted over the network to the computerized 
wagering game systems, providing a secure way to provide new wagering games to 
the systems without physically accessing each computerized wagering game system. 
Various embodiments of the invention transmit other computerized wagering game 

15 data over a network connection via encryption, and are within the scope of the 
invention. 

Because encryption methods typically provide a degree of security that is 
dependent on the effort and expense a hacker is willing to invest in defeating the 
encryption, replacement of encryption keys is employed in some embodiments of the 

20 invention. Digital signatures in some embodiments are valid only for a predetermined 
period of time, and in further embodiments have an associated date of expiry after 
which they may no longer be used. Such methods can also be used in various 
embodiments of the invention to license games for use for a certain period of time, 
after which they will not be properly verified due to expiry of the encryption keys 

25 used for data verification. Because hash functions typically produce hash values that 
are dependent entirely on the data being hashed, embodiments of the invention which 
incorporate expiry and replacement of reference hash values also require reissuance of 
modified data to produce a different hash value. For example, minor bug fixes, 
addition of new features, or any other small change in the data comprising a gaming 

30 program will be sufficient to produce a different reference hash value upon hashing 
the edited program data, resulting in an updated reference hash value corresponding to 
the updated data. 
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Other embodiments use a variety of keys among various computerized 
wagering games and game producers, reducing the risk and therefore the value of 
successfully defeating an encryption key. For example, a game producer in one 
embodiment employs a different digital signature for each customer of its 
5 computerized wagering games, ensuring that defeating the encryption key on a single 
game system affects a limited number of games. In another embodiment, a regulatory 
agency may change keys with which it signs games on a periodic basis, so that a 
successful hack of the keys used to sign the data results in potential compromise of 
only a limited and identifiable number of games. It will be obvious to one skilled in 

10 the art that many variations on key replacement and expiry policies exist, all of which 
are considered within the scope of the present invention. 

The invention provides an architecture and method for a gaming-specific 
platform that features secure storage and verification of game code and other data, 
provides the ability to securely exchange data with a computerized wagering gaming 

15 system, and does so in a manner that is straightforward and easy to manage. Some 
embodiments of the invention provide the ability to identify game program code as 
certified or approved, such as by the Nevada Gaming Regulations Commission or 
other regulatory agency. The invention provides these and other functions by use of 
encryption, including digital signatures and hash functions as well as other 

20 authentication methods. 

Figure 5 is a block diagram illustrating one exemplary embodiment of a 
gaming system according to the present invention. The gaming system block diagram 
is representative of gaming system 100 shown in Figure 1 and Figure 2, and 
previously described herein. The gaming system 100 includes a unique system and 

25 method for preparing a game data set for authentication and authenticating a game 
used in the gaming system 100. The gaming system 100 includes a process which 
securely verifies that the gaming data set, including program files, have not been 
altered, either intentionally or unintentionally, changing the outcome of a game 
played on the gaming system 100. 

30 Components of the present invention can be implemented in hardware via a 

microprocessor, programmable logic, or state machine, in firmware, or in software 
within a given device. In one preferred embodiment, one or more components of the 
present invention reside in software. Components of the present invention may also 
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reside in software on one or more computer-readable mediums. The term computer- 
readable medium as used herein is defined to include any kind of memory, volatile or 
nonvolatile, such as floppy disks, hard disks, CD-ROMs, flash memory, read-only 
memory (ROM), and random access memory (RAM). In addition, gaming system 
5 100 can employ a microprocessor embedded system/appliance incorporating tailored 
appliance hardware and/or dedicated single purpose hardware. 

In one aspect, gaming system 100 includes a gaming control system 300, 
gaming system interface 302, and gaming system devices 304. Gaming control 
system 300 includes computer or controller 201, nonvolatile memory 204, and 

10 nonvolatile memory 306. Controller 201 includes memory 203 and nonvolatile RAM 
(NVRAM) 308. In one aspect, memory 203 is random access memory. In one 
aspect, the random access memory 203 is dynamic random access memory (DRAM). 
The nonvolatile random access memory includes a battery backup for maintaining 
data stored in memory upon loss of power. In one embodiment, NVRAM 308 is used 

1 5 for storing crucial gaming data, such as slot machine reel settings, payoff percentages, 
and credits. 

In one embodiment, program memory 204 is a read/writeable, nonvolatile 
memory. In one aspect, the writeable memory 204 is flash memory. One suitable 
nonvolatile memory is commercially available under the trade name "Disk on 

20 a Chip" commercially available from M Systems, and Avnet of Phoenix, Arizona. . 
Other nonvolatile memory suitable for use with the present invention will become 
apparent to one skilled in the art after reading the present application. 

Nonvolatile memory 204 is used to store a game data set, which is defined to 
include game specific code or gaming program files. Exemplary game specific code 

25 includes game code, game data, game sound, game graphics, game configuration files, 
or other game specific files. The game specific code or program files are directed to 
specific types of games run on the gaming system, such as Blackjack, poker, video 
slot machines, or reel slot machines. In one embodiment, nonvolatile memory 306 is 
read only memory (ROM) such as an EEPROM. Nonvolatile memory 306 is used to 

30 store gaming system operating code. Upon power up or operation of the gaming 
system, the gaming system operating code and game data sets are transferred into 
memory, preferably volatile memory 203, for fast access by controller 201 for 
operation of 
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the gaming system. During operation of the gaming system 100, controller 201 
interfaces with gaming system devices 304 via gaming system 302 for operation of 
the gaming system 100. Gaming system interface 302 may include network interface 
206, network computer 207, and network connection 208 previously detailed herein. 
5 Gaming system devices 304 include mechanical, electrical, hardware, software or 
video devices, such as pushbuttons 101, joystick 102, pull arm 103, token or slot 104, 
device 105, point tray 106, video screen 107 and speakers 108 previously detailed 
herein. 

The gaming system 100 according to the present invention includes an 
10 encrypted control file 3 10 and associated game files stored in the nonvolatile memory 
204. The encrypted control file 310 includes the game data set, such as game specific 
code and program filenames, message authentication codes unique to the program 
filenames, and a message authentication code key. A message authentication code 
process 312 is stored in nonvolatile memory 306. In one aspect, the control file 310 is 
15 encrypted. The control file 3 10 is used in connection with the message authentication 
code process 312 to provide game data security during operation of the gaming 
system 100, as part of a game authentication/verification process. The game 
authentication/verification process is described in detail in reference to the following 
Figures 6-11. 

* 20 Figure 6 is a diagram illustrating one exemplary embodiment of a method of 

preparing a game data set for authentication. A game data set is indicated at 320. As 
indicated herein the game data set 320 includes game specific code filenames or 
program filenames for game files, such as game code, game data, game sound, game 
graphics, game configuration files, and other game specific files. A message 

25 authentication code is determined which is unique to the game data set 320 but may 
be or is determined using less than the whole game data set (i.e., the whole data set 
being the program file and program filenames). The message authentication code is 
determined using a message authentication code process 322 (MAC process). In one 
aspect, the message authentication codes are determined using the filenames 

30 associated with the program files, resulting in fast determination of the unique 

message authentication codes. The term message authentication code as used herein, 
also known as a data authentication code, is a one-way hash function with the addition 
of a secret key, indicated as message authentication code key 324. A resultant hash 
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value is a function of both the pre-image game data set 320 and the message 
authentication code key 324. See, Applied Cryptography, 1996 Second Edition, by 
Bruce Schneier, Chapter 18 which is incorporated herein by reference. 

The output of the message authentication code process 322 is stored. In one 
5 aspect, the game data set, the message authentication code, and the message 
authentication code key are stored in a control file 326 in memory. The method 
authentication code may be and is preferably provided by random selection or random 
generation of authentication codes. In this manner, the program operates to provide 
an encrypted data set (e.g., the entirety of all files or a subset of the files in a compiled 

10 file) with the code key embedded in the encrypted compiled file. The key cannot 
reasonably be decrypted by finding an external code key, as the encryption code was 
generated randomly and was not necessarily separately identified or stored or passed, 
except to the extent that it is embedded in the encrypted compiled file. 

Figure 7 is a diagram illustrating one exemplary embodiment of game data set 

15 320 and message authentication code key 324. In one aspect, game data set 320 
includes a plurality of game specific code or program filenames, indicated as 
FILENAME 1 328, FILENAME2 330, through FILENAMEN 332. 

Figure 8 is a diagram illustrating one exemplary embodiment of a message 
authentication code process 322 used in the present invention, including being used in 

20 preparing a game data set for authentication for a gaming system according to the 
present invention. In this embodiment, the message authentication code process 
utilizes a public-key encryption algorithms in a block chaining mode as a one-way 
hash function. Game data set 320 includes program filenames FILENAME 1 328, 
FILENAME2 330 through FILENAMEN 332. A message authentication code is 

25 determined which is unique to each program file and filename FILENAME 1 328, 
FILENAME2 330 through FILENAMEN 332. A message authentication code 
function 334 is defined for the message authentication code process 322. Program 
FILENAME 1 328 and message authentication code key 324 are applied to the 
message authentication code function to determine message authentication code 336 

30 (MAC 1 ). Utilizing a block chaining scheme, the message authentication code MAC 1 
336 is used as the "key" for determining the next message authentication code unique 
to the next file. As such, the validity of the message authentication code process 322 
is also dependent on the order in which the message authentication codes are 
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determined, and the validity of the message authentication code output from each 
previous step. 

Program FILENAME2 330 and the message authentication code MAC1 336 
are applied to message authentication code function 334 to determine message 
5 authentication code MAC2 338. This process is continued for each subsequent 

program file. As such, program FILENAMEN 332 and the last determined message 
authentication code are applied to message authentication code function 334 to 
determine the message authentication code FILENAMEN 340. 

For increased security, a message authentication code is again determined for 

10 the program file FILENAME 1 utilizing the last determined message authentication 
code. FILENAME 1 328 and message authentication code MACN 340 are applied to 
message authentication code function 334 to provide a message authentication code 
MAC IX or (MACT 342). In this embodiment, each message authentication code is 
unique to each program file, especially where it has been derived in combination with 

15 information previously derived from other files as that authentication code is then 
dependent upon a previously determined message authentication code. Determining 
the message authentication code using each filename is much faster than hashing 
entire program files in an authentication scheme requiring hashing, and the 
subsequent determination of digital signatures using an encryption scheme. 

20 r Figure 9 is a diagram illustrating one exemplary embodiment of control file 
326 generated after completion of the message authentication code process 322, 
where the encrypted control file is formed. Control file 326 includes each program 
filename in the game data set 320, including FILENAME 1 328 (and the associated 
file 1), program FILENAME2 330 (and the associated file 2) through program 

25 FILENAMEN 332 (and the associated files through N). Control file 326 also includes 
the message authentication code key 324 attached to the encrypted control file 352, 
and the unique message authentication code unique to each program file as it has been 
treated within the encrypted compiled file or encrypted control file 326. In particular, 
message authentication code MAC1 unique to FILENAME 1 , also message 

30 authentication code MAC1X 336 which is unique to program FILENAMEl 328, 
message authentication code MAC2 338 which is unique to program FILENAME2 
330, through message authentication code MACN 340 which is unique to program 
FILENAMEN 332. 
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Figure 10 is a block diagram illustrating one exemplary embodiment of a 
process for providing a secure gaming system according to the present invention. In 
one aspect, control file 326 is encrypted using encryption program 350, to provide an 
encrypted control file 352. The encrypted control file 352 is stored in program 
5 memory, indicated at 354. In reference also to Figure 5, the encrypted control file is 
shown stored in nonvolatile memory 204 as control file 310 for use by gaming system 
100. Additionally, the program files associated with the encrypted control file are 
also stored in memory 
204. 

1 0 In one aspect, encryption program 350 utilizes a private key 356 and a public 

key 358 as part of a public key/private key encryption process similar to the public 
key/private key encryption process previously described herein. One encryption 
process suitable for use as encryption program 350 in the present invention utilizes an 
ElGamal encryption scheme. Other encryption methods may be utilized which may 

1 5 or may not use public key/private key encryption systems, such as RSA and Diffie- 
Hellman, may be employed. Various hash functions may also be employed, such as 
MD5 or SHA. Preferably, the hash functions are one-way hash functions. 

Figure 1 1 is a diagram illustrating one exemplary embodiment of a method of 
authenticating a game used in a gaming system 100 according to the present 

20 invention. Reference is also made to Figures 1-10 previously detailed herein. The 
game can be verified as authentic at selected times (including regular or periodic 
times, to an extent that approaches continual authentication), such as when the 
machine is not in use, during game power-up, or when game data, including game 
program files, is transferred from nonvolatile memory 204 to RAM for use by the 

25 gaming system 100. Further, once transferred into RAM 203, the authentication of 
the game data set or game program files can be checked at (continuously or at desired 
intervals) during operation of the game to verify authentication of the game code and 
data. 

In one aspect, encrypted control file 352 is received from nonvolatile memory 
30 204 and decrypted using a corresponding decryption program 360. In one aspect, 
decryption program 360 utilizes public key 358. The decryption program 360 
reverses the encryption provided by encryption program 350. The application of 
decryption program 360 to encrypted control file 352 results in the original control 
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file 326. Control file 326 includes the filenames FILENAME 1, FILENAME 2 
through FILENAMEN Control file 326 further includes the corresponding unique 
message authentication codes MAC1, MAC2 through MACN, and MAC IX and 
message authentication code key 324. The newly created MAC'S are compared to 
5 previously stored MAC's to verify authenticity of the game and in particular the game 
programs. 

The program filenames and message authentication code key are applied to the 
same message authentication code process 322, as previously detailed in Figure 8, 
providing an output of complimentary message authentication codes 362. At 364, the 

10 message authentication codes from control file 326 are compared to the corresponding 
determined complimentary message authentication codes 362. As indicated at 366, if 
the message authentication codes and the complimentary message authentication 
codes set match, the game is verified authentic and use of the game programs is 
allowed to continue, indicated at 368. If the message authentication codes and the 

1 5 complimentary message authentication codes do not match, the game is not verified 
as authentic and enters an error mode, is terminated and/or system operating 
personnel are notified, indicated at 370. 

In Figure 12, one exemplary embodiment of a game verification process used 
in a gaming system according to the present invention is generally shown at 380. In 

20 verification process 380, after the game data set 382 has been authenticated and 

transferred into RAM 203, the present invention provides for continuous verification 
of the game data set to assure that the game data set 382 has not changed from the 
original game data set stored in nonvolatile memory 204. In particular, a hash 
function 384 is applied to the game data set 382, resulting in a hashed output stored in 

25 message digest 386. Message digest 386 comprises a unique hashed output 

corresponding to each program file in game data set 382. In one aspect, hash function 
384 is a SHA hash function. Other suitable hash functions include MD5, SNEFRU, 
HAVAL and N-HASH. Other hash functions which are suitable for use in the 
verification process according to the present invention will become apparent to one 

30 skilled in the art after reading the present application. The hashed output or message 
digest 386 is stored in a storage system 388. The storage system 388 may include 
message digest 386 being stored in RAM 203 or in NVRAM 308 or other suitable 
storage system which is part of gaming system 100. 
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During operation of the gaming system, the gaming data set 382 may be 
continuously verified to determine that no change has occurred in the game data set. 
In one aspect, the game data set 382 is verified one file at a time. In particular, during 
operation of the gaming system, a program file is applied to hash function 390, 
5 wherein hash function 390 is the same as hash function 394. At 392, the hashed 

output of hash function 390 is compared to the corresponding hashed output stored at 
system 388. At 394, if no match occurs the game enters into an error mode, is 
terminated, and/or gaming personnel are notified, indicated at 396. 

At 398, if a match occurs the next program file of game data set 382 is verified 

10 in a similar manner. As such, the game data set 382 is continuously verified during 
operation of the gaming system. Another aspect, the game data set may be verified 
using the verification process according to the present invention at desired time 
intervals or upon the occurrence of a desired event, such as the start of each game 
played on the gaming system. 

15 The gaming system 100 according to an aspect of the present invention 

provides a unique system and method for preparing a game data set for authentication 
and authenticating a game used in the gaming system 100. The gaming system 100 
includes a process which securely verifies that the gaming set, (including program 
files), the operating system, including a Linux kernel and bios, as well as data files 

20 have not been altered, either intentionally or unintentionally, which could result in the 
changing of the outcome of a game played, or cause other malfunctions on the gaming 
system 100. In one aspect, the present invention provides for continuous verification 
of the gaming system 100 during operation of the gaming system 100. In another 
aspect, verification occurs at the request of a host computer or command from a local 

25 computer. 

Although specific embodiments have been illustrated and described herein, it 
will be appreciated by those of ordinary skill in the art that any arrangement which is 
calculated to achieve the same purpose may be substituted for the specific 
embodiments shown. This application is intended to cover any adaptations or 
30 variations of the invention. It is intended that this invention be limited only by the 
claims, and the full scope of equivalents thereof. 

Another aspect of the present invention includes a method of verifying game 
data that does not interfere with the performance of the gaming machine. The method 
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comprises providing a host computer for running a casino-style game, providing at 
least one memory device for storing data for use on the host computer, and providing 
a separate form of intelligence and associated memory (if needed) for verifying data 
stored on the at least one memory device prior to loading into volatile memory of the 
5 host computer. In one form of the invention, the gaming program objects or game 
layer can be verified while the system is booting, preventing interference to the 
operation of the host computer system. The validation mechanism is in-circuit, 
meaning that the data is validated during operation of the host system. The in-circuit 
validation (hereinafter "ICV") can therefore be thought of as a gate, including 

10 intelligence and associated memory that functions to allow data to enter a host 
computer only after validation, to prevent the host computer or an external device 
from writing to the memory, and to provide continuous or periodic validation of data 
stored in memory to enable regulators to access and rapidly verify the system. 

The above-described Kobetron™ Inc. and the Dataman™ Ltd. prior art differ 

1 5 from what is intended to be practiced in the present invention. Primarily, the present 
invention comprises an in-circuit verification mechanism positioned between the host 
computer and its memory device or devices (there can be more than one ICV) as 
opposed to a method that requires removing the media (e.g., the EPROM or other chip 
or memory element) and generating a signature in a separate piece of equipment. 

20 Those prior art validation systems actually take a memory element out of the machine 
to verify it. Those systems check the chip with another machine, which requires the 
primary gaming device or gaming machine to be shut down. The presently described 
validation system has two elements: 

1) a "black box," the EAPTSD, is placed in between the storage media (e.g., 
25 Compact Flash, EPROM, CD ROM, etc.) and the host game computer/processor. To 

the host computer (and the storage media), the EAPTSD is invisible. The EAPTSD 
may have two purposes. It may be programmed and or otherwise configured to block 
attempts by the game computer or an external device or system to write to the storage 
media, and the EAPTSD responds to requests for verification from one or more 
30 internal or external devices; 

2) an "external device" (such as a second device or second microprocessor), 
may comprise a hand-held or networked system, with direct access to a 
computer/microprocessor or connected by cable, wiring or RF communication, which 
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sends validation requests to the black box. The request communication may be 
encrypted. These requests ask the black box to perform various authentication 
routines (for example, as described above and incorporated by reference) on the 
storage media and send the results back. Alternatively, the requests may ask the black 
5 box to return the contents of the storage media for validation by the external device. 
This communication can be sent over a physical wire such as rs232 or equivalent 
element. 

A big advantage of this new approach is that the storage media can be 
validated while the machine is being booted up, while the machine is in operation, 

1 0 even during game play. If the game is in play, the external or wireless 

communication port is accessed, the storage media is accessed, and the game is 
verified without interference by the game computer. In the event that the game 
computer requires information from the storage media, the EAPTSD preferably 
pauses its communication with the storage media, allows communication to be 

15 completed between the game computer and the storage media, and then continues the 
verification process when that particular communication has halted. This pause in the 
communication between the second, external device, the EAPTSD and/or the storage 
media may occur as often as needed to ultimately complete the verification procedure. 
In contrast, the prior art requires several distinct and invasive steps to validate storage 

20 media that may include at least: 

1) power off the machine 

2) remove storage media 

3) insert media in validator machine 

4) perform signature on storage media, and 
25 5) replace media and re-power machine. 

The EAPTSD is invisible to both the game and gaming system. Because of 
this, the EAPTSD should be used on any gaming system that uses similar storage 
media, not just a proprietary gaming system. Kobetron™ Inc. validation systems or 
the DATAMAN S4 validation system are not integrated into the game or gaming 
30 system. 

Neither Kobetron™ nor Dataman security systems send communication 
requests or receive responses from games or gaming systems. The storage media is 
physically 
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removed from the machine when validation is performed. Additionally, each prior art 
security system tends to be limited to specific electronic fingerprints or signatures 
which are described as a "four character Kobetron MT2000 code" and or in Dataman 
as either an 8-character CRC type unique signature similar to Kobetron™ Inc. 
5 security system 2000 or a 40-character SHA/SHA- 1 unique signature function 
identical to that used by the gaming board). 

As noted above, neither the Kobetron™ Inc. nor Dataman, Ltd, security 
systems validate by plugging into a communication port on the gaming device. The 
Dataman S4 does have an option to use communications to a host computer when the 

1 0 EPROM or memory chip, but this is unrelated to any type of "live" validation. Aurora 
Casino Equipment uses a bridge that is inserted between a single EPROM chip and 
the processing intelligence. This bridge has a communication function that apparently 
broadcasts a signature to an RF receiver to verify hard memory on the EPROM chip. 
Each EPROM would require a separate broadcasting bridge to authenticate each 

15 EPROM. The published system also appears to authenticate upon boot up. It is 

important to note that the storage media of the present invention could be a plurality 
of PROM or EPROM chips and "live" validation would offer the advantage that the 
content of all chips could be validated in a single process step. 

The term 'Lower level of validation* has been described as available for 

20 verification according to the practices of the invention. The validation is totally 

transparent to the storage media, the computer, etc. The black box or EAPTSD filters 
out data or other information or signals and has different functionality in 
authenticating/verifying the contents of the storage media and if the storage media is 
writeable, the processing intelligence or another processor will prevent the media 

25 from being written on. The practice of the present invention in one preferred 

embodiment validates content of storage media, such as compact flash, whatever its 
content. It is an additional layer of authentication over a watchdog function that is 
performed on the gaming computer according to the practice of certain above 
commonly assigned cited our co-pending Patent Applications. The practice of the 

30 present invention may validate generic compact flash rather than being specific to a 
single game element. This can be done by various procedures as described above or 
by a challenge response or hash value encryption. 
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One preferred form of validation is fully disclosed in co-pending application 
Serial Number 10/134,663, filed April 25, 2002 entitled Authentication in a Secure 
Computerized Gaming System, the content which is hereby incorporated by reference. 
This validation technique is particular suitable for the ICV of the prevent invention 
5 because in a preferred form of the invention, the separate processing intelligence and 
associated memory is of modest size and processing speed, keeping the device 
inexpensive. The technique depends exclusively on hashing algorithms, rather than 
encryption and signature generation techniques that require more resources. 
As noted above, an externally accessible pass through security device, 

10 hereinafter referred to as an EAPTSD (e.g., with a microprocessor) is installed in 
connection with the gaming apparatus between the gaming computer and the storage 
media. For example, the EAPTSD may be communicatively between the gaming 
computer and the storage media, so that the gaming computer must pass data through 
the EAPTSD to communicate with the storage media. The physical location of the 

1 5 EAPTSD is not critical, and the EAPTSD may be inside the housing, on the door of 
the housing, outside the housing, insertable into a connecting port on the housing, or 
communicatively positioned at or with an external computer (e.g., a pit computer, 
central computer, or mainframe, etc.). A separate communicating port, unit, gate, 
logic, etc. may be internal in the machine, and at least an external connection to an 

20 outside intelligence device must be provided in the networked version of the system 
for communication purposes, unless the network is wireless. If located outside of the 
housing and associated with a separate computer, the EAPTSD may be 
communicatively positioned in or with the pit computer or host computer or other 
networking computer. In that manner, a single EAPTSD may be used for a host of 

25 gaming devices. 

The invention may be summarized as including a gaming apparatus 
comprising a housing, a game computer, a storage media having at least some casino 
game information thereon, and an externally accessible pass through security device 
that can be accessed externally, the externally accessible pass through security device 

30 being capable of enabling verification of at least some casino game information. 
Alternatively, the invention may be described as a gaming apparatus comprising a 
housing, a game computer having memory, a storage media having at least some 
casino game information, and communicatively between the game computer and the 
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storage media an externally accessible pass through security device that can.be 
accessed externally, the externally accessible pass through security being capable of 
enabling verification of casino game information. The gaming apparatus may have the 
game computer communicates with storage media through the externally accessible 
5 pass through security and the EAPTSD preferably allows communication through an 
externally accessible communication port to or from the storage media while 
preventing external communication to the game computer. Also, the externally 
accessible pass through security may prevent communication through the externally 
accessible communication port from writing on the storage media. The externally 

10 accessible pass through security may allow communication to storage media with 
approval of the communication content. The externally accessible pass through 
security also allows communication to storage media and prevents such 
communication from writing on the storage media. In another aspect, verification 
communication through the external addressable communication port to externally 

1 5 accessible pass through security may allow verification communication to storage 
media with no contemporary verification communication from the game computer to 
the storage media. The gaming apparatus may be programmed so that extant 
verification communication between the externally accessible pass through security 
and the storage media is essentially continuous, but pauses when game 

20 communication is initiated by the game computer to the storage media. In this mode, 
the gaming apparatus, when verification communication has been paused, continues 
or reinitiates when game communication ceases between the game computer to the 
storage media. In the gaming apparatus, a microprocessor may be externally 
connected to the externally accessible communication port, and verification of casino 

25 game information can then be performed on a microprocessor that is externally 
connected to the external addressable communication port. Alternatively, 
communication with the EAPTSD from outside of the gaming machine can be 
wireless, i.e., a radio frequency network. 

In a second embodiment within the generic concept of the invention, the entire 

30 authentication system (excluding the processing intelligence or including the 
processing intelligence) is included within an internal housing component that is 
installed within the gaming housing and placed into communicative connection with 
the controller. The system components included within the internal housing 
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component includes at least the validation hardware and/or software that blocks 
writing onto the storage medium. Preferably the associated memory, as well as a 
storage medium such as a flash disc is also located within the housing. This internal 
housing and its functional components may be communicatively connected to the 
5 controller or computer. In one example of the invention, the device is pinned to plug 
into the "c" or hard drive connection of a host computer. This referred to in the 
practice of the invention as a secure disk or Secure Disk™ (2002, Shuffle Master, 
Inc.) authentication system. 

Figure 13 shows a second generation intelligent chip validation (IVC) system 

10 400 that can be installed as a distinct unit within the gaming apparatus and 

communicatively connected to a controller or computer 412. The system 400 is shown 
with a physical housing or box 402 that contains a storage memory 404 which may 
also be a writeable memory (e.g., compact flash, EPROM or multiple EPROMS), 
intelligence in the form of hardware 406 and/or software and memory 307 associated 

1 5 with the intelligence that contains the validation program and blocks writing to the 
storage memory 404 and transmits communication through port 408 to either an 
external device capable of requesting verification of data or to other game function or 
peripherals (not shown). The storage memory 404 may have game data such as 
gaming program shared objects as described in co-pending application serial number 

20 09/520,405 and previously incorporated by reference. The storage memory 404 has a 
communication line 410 to a host controller 412 which may have an additional 
communication link 414 to other systems in the gaming apparatus, such as peripheral 
devices (not shown). Any authentication program may be included within the 
hardware and/or software, including without limit the programs described in U.S. 

25 Patent Nos. 5,643,086; 6,106,396; and 6,149,522; and U.S. Patent Applications serial 
nos. 09/520,404 (filed March 8, 2000), 10/182,534 (filed July 26, 2002, 09/949,021 
(filed September 7, 2001), 10/134,657 (filed April 25, 2002); and 10/134,663 (filed 
April 25, 2002), which are incorporated herein by reference for the disclosure of both 
programs, software and hardware enabling authentication programs. The entire 

30 housing 400 may be inserted into the gaming apparatus, for example, connected to a 
motherboard or walls within the apparatus. The authentication system is preferably 
essentially continuous. The program authenticates data in the storage memory 404 
and when the authentication is finished, the authentication process begins again. In 
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this manner, it is not necessary to initiate an authentication program to prove the 
system, and no particular even must occur to initiate authentication. When the system 
is powered up, the first authentication cycle begins, and then continues essentially 
continuously while the system is on. The system may be progammed for minor gaps 
5 between authentication cycles without deviating from the spirit of practice of the 
invention, however. 

In a third embodiment within the generic practice of the invention, a Read 
Only Memory board that acts as a hard drive (without a hard drive) is operably 
connected to a processing intelligence with associated memory (which may be a hard 

1 0 drive or other processor or microprocessor, and may exclude an actual hard drive as 
long as the processing or controlling function is provided, such as by a programmable 
memory chip). This form of system is referred to as an Integrated Device Electronics 
system or IDE system. 

Figure 14 shows a third generation IVC system 500 having the authentication 

1 5 program embedded outside of the game controller or computer. This is referred to as 
the IDE system or the Integrated Device Electronics system. The IDE system 500 
comprises a first board 502 having various memory storage elements 501 (e.g., 
preferably non-writeable media such as ROM, EPROM, PROM and the like) 

Another board 504 which may be an extension or part of the first board 501 

20 has its own processing intelligence. In one example of the invention, the intelligence 
is a hard-wired circuit 505. In another example, it is a processor, and software. The 
second board 504 may also include memory 507 associated with the processing 
intelligence. In some forms of the invention, additional memory storage elements 506 
are also present on the board 504. The processing intelligence is capable of 

25 authenticating data stored in memory elements 501 and 506, if present. 

A communication port 508 (I/O port with any communication link) carries 
information to and from the memory storage on the first and/or second board. 
Another communication link 512 to a host processor 514 with its own communication 
link 516 is shown in communicative connection with the second board 504 including 

30 intelligence 505 and associated memory elements 507. 

The invention may be alternatively described as a method of verifying casino 
gaming data in a computer-based gaming apparatus comprising connecting a 
computer communication device to a casino gaming apparatus either directly through 
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a port, or indirectly using wireless communication, so that the computer 
communication device is in communication with a security device inside of the 
gaming apparatus that is distinct from a game computer and storage media in the 
gaming apparatus, and the computer communication device verifies casino gaming 
5 data stored on the storage media. Again, in a preferred method, while the computer 
communication device is in communication with storage media and the gaming 
computer communicates with storage media, communication between the computer 
communication device and the storage media preferably pauses or ceases, and when 
communication between the gaming computer and the storage media ceases, 

10 communication between the computer communication device and the storage media 
may begin or continue (Alternately, communication between the host computer and 
memory, and the communication device and memory is continuous). In that method, 
the computer communication device may be in communication with a security device 
inside of the gaming apparatus that is distinct from a game computer and storage 

15 media in the gaming apparatus and the security device may be in communication with 
the storage media. Alternatively, the computer communication device is in 
communication with the security device inside of the gaming apparatus (that is 
distinct from a game computer and storage media in the gaming apparatus) and the 
security device is in communication with the storage media and the security device is 

20 not in communication with the gamingxomputer and the computer communication 
device is in communication with a security device inside of the gaming apparatus 
while the gaming apparatus is powered up. For example, the computer 
communication device is in communication with a security device inside of the 
gaming apparatus while the gaming apparatus is executing a casino game. 

25 The invention may also be alternatively described as a method of verifying 

casino gaming data in a computer-based gaming apparatus comprising connecting a 
computer communication device to an external communication port on a casino 
gaming apparatus or by means of wireless communication so that the computer 
communication device is in communication with a security device inside of the 

30 gaming apparatus that is distinct from a game computer and storage media in the 
gaming apparatus, and the security device verifies casino gaming data in storage 
media. This method may operate when the security device communicates verification 
of casino gaming data to the computer communication device, and while the computer 



48 



WO 03/045519 



PCT/US02/38054 



communication device is exchanging verification information with the security device 
storage media and the gaming computer communicates with storage media, 
communication between the computer communication device and the storage media 
pauses or ceases. 

5 The practice of the secure internal systems of the invention enable greater 

flexibility in the exercise of management (e.g., central controller such as a casino or 
internet or wireless controller) control or direction of gaming equipment. A difficult 
and expensive component of the use of gaming equipment has been based on the need 
to send personnel to each playing game, apparatus or table on the floor to first shut 

1 0 down the machine and then second, gather information or otherwise alter to the 

device. This is often done with two persons present to assure security. This is a high 
labor component of electronic game usage and reduces profits from the systems. The 
present security system can me modified to assist in reducing these costs by enabling 
a secure external download of information from memory while the gaming machine is 

15 in service. It is critical that this information be from a trustworthy source, which can 
be verified or screened by many techniques used in conjunction with the practice of 
the invention. 

For example, after verification of casino game data or data sets in memory 
storage elements of the ICV, Secure Disk™ or IDE verification systems of the 

20 invention, information may then be downloaded from a secure external source into 
writeable memory (e.g., compact flash) in the verification systems or connected to the 
verification systems of the casino game apparatus. The external source of information 
must be confirmed as a valid or authorized source of information (e.g., password, 
source identification, source verification, personal user codes, automated verification 

25 through interrogation, or other screening or verification means), and, the external 
source may be allowed to write to writeable memory in the gaming apparatus. For 
example, a casino may have a bank of video games or video reel games that can have 
their game content modified. Game content would possibly include at least some of 
game rules, pay tables, symbol images, sound content, symbol probability, payout 

30 rates, ancillary image display, coin validation programs, currency validation 
programs, player information record systems, and other peripheral controls. To 
change game content, the secure and validated information source may be enabled to 
download to and write to memory on individual gaming apparatus or banks of gaming 
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apparatus. This download is directed through the processing intelligence into the 
storage media and not the host gaming computer itself, which is a more secure form 
of download because the processing intelligence in the SecureDisk device has nothing 
to do with game play functions. 
5 After downloading of this information, the memory may be and is again 

verified according to the existing authentication program. It may or may not be 
necessary to modify data in the associated memory of the processing intelligence to 
accomplish data verification. Although it is possible to download a different 
authentication program (e.g., using hash values, signatures, encryption, de-encryption, 
10 zero knowledge proofs, El Gamal algorithm signature verification, and other known 
validation systems and algorithms), it is preferred to have the 

verification/authentication program on a non-writeable element, or at least an element 
that is write protected or read only memory within the SecureDisk. 

It is anticipated that as technology improves and as others engineer systems 

1 5 according to the practice of the invention that many variations and improvements and 
alternatives within the scope of the invention are expected. The above processes and 
apparatus may be implemented using different formats of software, different 
hardware, different information storage components and the like. Those changes and 
alterations are expected within the scope of the invention and the specific software, 

20 hardware and components are intended to be exemplary rather than absolutely 
limiting. 
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What is claimed is: 

1. An authentication enabling system for an electronic gaming system 
5 comprising: 

processing intelligence separate from a host gaming computer; 
at least one information storage medium communicatively connected 
to processing intelligence; 

the processing intelligence communicatively connected to a gaming 
10 computer; 

wherein the at least one information storage medium is write protected or read 
only memory; and 

the processing intelligence contains an authentication function to authenticate 
data on the at least one information storage medium. 

15 

2. The authentication enabling system of claim 1 wherein an outlet port is 
provided on the system to enable read out of results of performance of the 
authentication function. 

20 3. The authentication enabling system of claim 1 wherein a memory storage 

element must be directly accessed to enable read out of results of performance of the 
authentication function. 

4. The authentication enabling system of claim 1 wherein the authentication 
25 function is a continuous function. 

5. The authentication enabling system of claim 2 wherein the authentication 
function is a continuous function. 

30 6. The authentication enabling system of claim 3 wherein the authentication 

function is a continuous function. 
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7. The authentication enabling system of claims 1 , 2, 3, 4, 5 or 6 wherein both 
the at least one information storage medium and the processing intelligence are 
contained within a single housing that does not contain gaming peripherals. 

5 8. The authentication enabling system of claims 1, 2, 3, 4, 5 or 6 wherein the 

at least one intelligence storage medium is read only memory. 

9. The authentication enabling system of claims 1, 2, 3, 4, 5 and 6 wherein all 
intelligence storage media within the single housing is read only memory. 

10 

10. The authentication enabling system of claim 7 wherein all intelligence 
storage media within the single housing is read only memory. 

1 1 . A gaming apparatus having a reel slot gaming display or a video gaming 
15 display comprising a housing containing the authentication enabling system of claims 

1, 2, 3, 4, 5 or 6 and a game computer. 

12. A gaming apparatus having a reel slot gaming display or a video gaming 
display comprising a housing containing the authentication enabling system of claim 

20 7 and a game computer. 

13. A gaming apparatus having a reel slot gaming display or a video gaming 
display comprising a housing containing the authentication enabling system of claim 

8 and a game computer. 

25 

14. A gaming apparatus having a reel slot gaming display or a video gaming 
display comprising a housing containing the authentication enabling system of claim 

9 and a game computer. 

30 15. A gaming apparatus having a reel slot gaming display or a video gaming 

display comprising a housing containing the authentication enabling system of claim 

10 and a game computer. 
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16. A gaming apparatus having a reel slot gaming display or a video gaming 
display comprising a housing containing the authentication enabling system of claim 

1 1 and a game computer. 

5 17. A gaming apparatus having a reel slot gaming display or a video gaming 

display comprising a housing containing the authentication enabling system of claim 

12 and a game computer. 

18. A gaming apparatus comprising a housing, a game computer, a storage 
10 media having at least some casino game information, an external accessible port, and 
an externally accessible pass through security device that can be accessed through the 
external accessible port, the externally accessible pass through security device being 
capable of enabling verification of at least some casino game information. 

15 19. A gaming apparatus comprising a housing, a game computer having 

memory, a storage media having at least some casino game information, an externally 
accessible communication port, and communicatively between the game computer 
and the storage media an externally accessible pass through security device that can 
be accessed through the externally accessible port, the externally accessible pass 

20 through security being capable of enabling verification of casino game information. 

20. The gaming apparatus of claim 19 wherein the game computer 
communicates with storage media through the externally accessible pass through 
security and the EAPTSD allows communication through the externally accessible 

25 communication port to or from the storage media while preventing external 
communication to the game computer. 

21. The gaming apparatus of claim 20 wherein the externally accessible pass 
through security prevents communication through the externally accessible 

30 communication port from writing on the storage media. 
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22. The gaming apparatus of claim 19 wherein the externally accessible pass 
through security allows communication to storage media with approval of the 
communication content. 

5 23. The gaming apparatus of claim 18 wherein the externally accessible pass 

through security allows communication to storage media and prevents such 
communication from writing on storage media. 

24. The gaming apparatus of claim 18 wherein verification communication 
10 through the external addressable communication port to externally accessible pass 
through security allows verification communication to storage media with no 
contemporary verification communication from the game computer to the storage 
media. 

15 25. The gaming apparatus of claim 18 wherein verification communication 

through the external addressable communication port to the externally accessible pass 
through security allows verification communication to storage media with no 
contemporary verification communication from the game computer to the storage 
media. 

20 

26. The gaming apparatus of claims 24 or 25 programmed so that extant 
verification communication between the externally accessible pass through security 
and the storage media pauses when game communication is initiated by the game 
computer to the storage media. 

25 

27. The gaming apparatus of claim 26 wherein verification communication 
that has been paused continues or reinitiates when game communication ceases 
between the game computer to the storage media. 

30 28. The gaming apparatus of claim 26 wherein verification communication 

that has been paused continues or reinitiates when game communication ceases 
between the game computer to the storage media. 
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29. The gaming apparatus of claim 17 wherein a microprocessor is externally 
connected to the externally accessible communication port, and verification of casino 
game information is performed on a microprocessor that is externally connected to the 
external addressable communication port. 

5 

30. The gaming apparatus of claim 18 wherein a microprocessor is externally 
connected to the externally accessible communication port, and verification of casino 
game information is performed on a microprocessor that is externally connected to the 
external addressable communication port. 

10 

3 1 . The gaming apparatus of claim 21 wherein a microprocessor is externally 
connected to the externally accessible communication port, and verification of casino 
game information is performed on a microprocessor that is externally connected to the 
externally accessible communication port. 

15 

32. A method of verifying casino gaming data in a computer-based gaming 
apparatus comprising connecting a computer communication device to an external 
communication port on a casino gaming apparatus so that the computer 
communication device is in communication with a) a security device inside of the 

20 gaming apparatus that authenticates data on information storage media within the 

apparatus and is distinct from a game computer and the information storage media in 
the gaming apparatus, and the computer communication device authenticates casino 
gaming data in storage media. 

25 33. The method of claim 32 wherein the security device continuously 

authenticates casino gaming data in storage media. 



34. The method of claim 32 wherein while the computer communication 
device is in communication with storage media and the gaming computer 
30 communicates with storage media, communication between the computer 
communication device and the storage media pauses or ceases. 
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35. The method of claim 34 wherein when communication between the 
gaming computer and the storage media ceases, communication between the 
computer communication device and the storage media begins or continues. 

5 36. The method of claim 32 wherein the computer communication device is in 

communication with a security device inside of the gaming apparatus that is distinct 
from a game computer and storage media in the gaming apparatus and the security 
device is in communication with the storage media. 

10 37. The method of claim 32 wherein the computer communication device is in 

communication with the security device inside of the gaming apparatus that is distinct 
from a game computer and storage media in the gaming apparatus and the security 
device is in communication with the storage media and the security device is not in 
communication with the gaming computer. 

15 

38. The method of claim 32 wherein the computer communication device is in 
communication with a security device inside of the gaming apparatus while the 
gaming apparatus is powered up. 

20 39. The method of claim 32 wherein the computer communication device is in 

communication with a security device inside of the gaming apparatus while the 
gaming apparatus is executing a casino game. 

40. The method of claim 32 wherein after an external source downloads 

25 information through the processing intelligence to the storage media , the processing 
intelligence authenticates casino gaming data in storage media. 

41. The method of claim 40 wherein the external source comprises a casino 
controlled source of information. 



30 



42. A method of verifying casino gaming data in a computer-based gaming 
apparatus comprising connecting a computer communication device to an external 
communication port on a casino gaming apparatus so that the computer 
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communication device is in communication with a security device inside of the 
gaming apparatus that is distinct from a game computer and storage media in the 
gaming apparatus, and the security device verifies casino gaming data in storage 
media. 

43. The method of claim 42 wherein the security device communications 
verification of casino gaming data to the computer communication device. 



44. The method of claim 42 wherein while the computer communication 

10 device is exchanging verification information with the security device storage media 
and the gaming computer communicates with storage media, communication between 
the computer communication device and the storage media pauses or ceases. 

45. The method of claim 42 wherein the computer communication device is in 
1 5 communication with the security device and the security device is in communication 

with the storage media and the security device is not in communication with the 
gaming computer. 

46. The method of claim 42 wherein the computer communication device is in 
20 communication with the security device inside of the gaming apparatus while the 

gaming apparatus is powered up. 

47. The method of claim 42 wherein the computer communication device is in 
communication with the security device inside of the gaming apparatus while the 

25 gaming apparatus is executing a casino game. 

48. A method of authentication of data within a gaming machine during 
operation, comprising: 

providing a gaming machine with a host computer, a security device 
30 comprising separate intelligence and associated memory, and at least one storage 
media for storing gaming data; and 

while the gaming machine is in operation, verifying the data in the storage 
media by executing a verification program on the separate intelligence. 
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49. The method of claim 48, wherein a verification method used to verify the 
data in the storage media is zero knowledge proofs. 

5 50. The method of claim 49, wherein host computer functions are not altered 

by execution of the verification program, unless the data cannot be verified. 
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AMENDED CLAIMS 

[received by the International Bureau on 01 May 2003 (01.05.03); 
original claims I, 18-19, 32, 42 and 48 replaced by amended claims 1 , 1 8- 1 9, 32, 42 and 48; 
new claims 51-52 added; remaining claims unchanged (8 pages)] 

COPY OF CLAIMS AS AMENDED 

1 . Ad authentication enabling system for an electronic gaming system 
comprising: 

processing intelligence separate from a host gaming computer; 

at least one information storage medium communicatively connected 
to processing intelligence; 

the processing intelligence communicatively connected to a gaming 
computer; 

wherein the at least one information storage medium is write protected or read 
only memory; and 

the processing intelligence contains an authentication function to authenticate 
data comprising at least executable game code on the at least one information storage 
medium. 

2. The authentication enabling system of claim I wherein an outlet port is 
provided on the system to enable read out of results of performance of the 
authentication function. 

3. The authentication enabling system of claim I wherein a memory storage 
element must be directly accessed to enable read out of results of performance of the 
authentication function* 

4. The authentication enabling system of claim 1 wherein the authentication 
function is a continuous function. 

5. The authentication enabling system of claim 2 wherein the authentication 
function is a continuous function. 

6. The authentication enabling system of claim 3 wherein the authentication 
function is a continuous function. 
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7. The authentication enabling system of claims 1 , 2, 3, 4, 5 or 6 wherein both 
the at least one information storage medium and the processing intelligence are 
contained within a single housing that does not contain gaming peripherals, 

8. The authentication enabling system of claims 1 , 2, 3, 4, 5 or 6 wherein the 
at least one intelligence storage medium is read only memory. 

9. The authentication enabling system of claims 1, 2, 3, 4, 5 and 6 wherein all 
intelligence storage media within the single housing is read only memory, 

10. The authentication enabling system of claim 7 wherein all intelligence 
storage media within the single housing is read only memory. 

1 1 . A gaming apparatus having a reel slot gaming display or a video gaming 
display comprising a housing containing the authentication enabling system of claims 
l f 2, 3 T 4, 5 or6and a game computer. 

12. A gaming apparatus having a reel slot gaming display or a video gaming 
display comprising a housing containing the authentication enabling system of claim 
7 and a game computer. 

13. A gaming apparatus having a reel slot gaming display or a video gaming 
display comprising a housing containing the authentication enabling system of claim 
S and a game computer. 

14. A gaming apparatus having a reel slot gaming display or a video gaming 
display comprising a housing containing the authentication enabling system of claim 

9 and a game computer, 

15. A gaming apparatus having a reel slot gaming display or a video gaming 
display comprising a housing containing the authentication enabling system of claim 

10 and a game computer. 
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1 6. A gaming apparatus having a reel slot gaining display or a video gaming 
display comprising a housing containing the authentication enabling system of claim 

1 1 and a game computer. 

17. A gaming apparatus having a reel slot gaming display or a video gaming 
display comprising a housing containing the authentication enabling system of claim 

12 and a game computer. 

18. A gaming apparatus comprising a housing, a game computer, a storage 
media having at least some casino game information, an external accessible port, and 
an externally accessible pass through security device that can be accessed through the 
external accessible port, the externally accessible pass through security device being 
capable of enabling verification of at least some casino game information comprising 
at least executable game code. 

19. A gaming apparatus comprising a housing a game computer having 
memory, a storage media having at least some casino game information, an externally 
accessible communication port, and communicatively between the game computer 
and the storage media an externally accessible pass through security device that can 
be accessed through the externally accessible port, the externally accessible pass 
through security being capable of enabling verification of casino game information 
comprising at least executable game code. 

20. The gaming apparatus of claim 19 wherein the game computer 
communicates with storage media through the externally accessible pass through 
security and the EAPTSD allows communication through the externally accessible 
communication port to or from the storage media while preventing external 
communication to the game computer. 

21 . The gaming apparatus of claim 20 wherein the externally accessible pass 
through security prevents communication through the externally accessible 
communication port from writing on the storage media. 
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22. The gaming apparatus of claim 19 wherein the externally accessible pass 
through security allows communication to storage media with approval of the 
communication content. 

23. The gaming apparatus of claim 18 wherein the externally accessible pass 
through security allows communication to storage media and prevents such 
communication from writing on storage media. 

24. The gaming apparatus of claim 1 8 wherein verification communication 
through the external addressable communication port to externally accessible pass 
through security allows verification communication to storage media with no 
contemporary verification communication from the game computer to the storage 
media. 

25. The gaining apparatus of claim 18 wherein verification communication 
through the external addressable communication port to the externally accessible pass 
through security allows verification communication to storage media with no 
contemporary verification communication from the game computer to the storage 
media. 

26. The gaming apparatus of claims 24 or 25 programmed so that extant 
verification communication between the externally accessible pass through security 
and the storage media pauses when game communication is initiated by the game 
computer to the storage media. 

27. The gaming apparatus of claim 26 wherein verification communication 
that has been paused continues or reinitiates when game communication ceases 
between the game computer to the storage media. 

28. The gaming apparatus of claim 26 wherein verification communication 
that has been paused continues or reinitiates when game communication ceases 
between the game computer to the storage media. 
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29. The gaming apparatus of claim 17 wherein a microprocessor is externally 
connected to the externally accessible communication port, and verification of casino 
game information is performed on a microprocessor that is externally connected to the 
external addressable communication pent. 

30. The gaming apparatus of claim 18 wherein a microprocessor is externally 
connected to the externally accessible communication port, and verification of casino 
game information is performed on a microprocessor that is externally connected to the 
external addressable communication port. 

31. The gaming apparatus of claim 21 wherein a microprocessor is externally 
connected to the externally accessible communication port, and verification of casino 
game information is performed on a microprocessor that is externally connected to the 
externally accessible communication port. 

32. A method of verifying casino gaming data in a computer-based gaming 
apparatus comprising connecting a computer communication device to an external 
communication port on a casino gaming apparatus so that the computer 
communication device is in communication with a) a security device inside of the 
gaming apparatus that authenticates data on information storage media within die 
apparatus and is distinct from a game computer and the information storage media in 
the gaming apparatus, and the computer communication device authenticates casino 
gaming data in storage media comprising at least executable game code. 

33. The method of claim 32 wherein the security device continuously 
authenticates casino gaming data in storage media. 

34. The method of claim 32 wherein while the computer communication 
device is in communication with storage media and the gaining computer 
communicates with storage media* communication between the computer 
communication device and the storage media pauses or ceases. 
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35. The method of claim 34 wherein when communication between the 
gaming computer and the storage media ceases, communication between the 
computer communication device and the storage media begins or continues, 

36. The method of claim 32 wherein the compute- communication device is in 
communication with a security device inside of the gaming apparatus that is distinct 
from a game computer and storage media in the gaming apparatus and the security 
device is in communication with the storage media. 

37. The method of claim 32 wherein the computer communication device is in 
communication with the security device inside of the gaming apparatus that is distinct 
from a game computer and storage media in the gaming apparatus and the security 
device is in communication with toe storage media and the security device is not in 
communication with the gaming computer* 

38. The method of claim 32 wherein the computer communication device is in 
communication with a security device inside of the gaming apparatus while the 
gaming apparatus is powered up. 

39. The method of claim 32 wherein the computer communication device is in 
communication with a security device inside of the gaming apparatus while the 
gaming apparatus is executing a casino game. 

40. The method of claim 32 wherein after an external source downloads 
information through fee processing intelligence to the storage media, the processing 
intelligence authenticates casino gaming data in storage media. 

41 . The method of claim 40 wherein the external source comprises a casino 
controlled source of information. 

42. A method of verifying casino gaining data in a computer-based gaming 
apparatus comprising connecting a computer communication device to an external 
communication port on a casino gaming apparatus so that the computer 
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communication device is in communication with a security device inside of the 
gaming apparatus that is distinct from a game computer and storage media in the 
gaming apparatus, and the security device verifies casino gaming data in storage 
media comprising at least executable game code. 

43. The method of claim 42 wherein the security device communications 
verification of casino gaming data to the computer communication device, 

44. The method of claim 42 wherein while the computer communication 
device is exchanging verification information with the security device storage media 
and the gaming computer communicates with storage media, communication between 
the computer communication device and the storage media pauses or ceases. 

45. The method of claim 42 wherein the computer communication device is in 
communication with the security device and the security device is in communication 
with the storage media and the security device is not in communication with the 
gaming computer. 

46. The method of claim 42 wherein the computer communication device is in 
communication with the security device inside of the gaming apparatus while the 
gaming apparatus is powered up. 

47. The method of claim 42 wherein the computer communication device is in 
communication with the security device inside of the gaming apparatus while the 
gaming apparatus is executing a casino game. 

48. A method of authentication of data within a gaming machine during 
operation, comprising: 

providing a gaming machine with a host computer, a security device 
comprising separate intelligence and associated memory, and at least one storage 
media for storing gaming data; and 
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while the gaming machine is In operation, verifying the data in the storage 
media by executing a verification program on the separate intelligence to authenticate 
data in the storage media comprising at least executable game code. 

49. The method of claim 48, wherein a verification method used to verify the 
data in the storage media is zero knowledge proofs, 

50. The method of claim 49, wherein host computer functions are not altered 
by execution of the verification program, unless the data cannot be verified. 

51 . The authentication enabling system of claim 1 wherein an outlet port is 
provided on the system to enable read out of results of performance of the 
authentication function on the storage media which has write protection and is for an 
electronic gaming system comprising a reel slot or video gaming system. 

52. The authentication enabling system of claim 1 wherein a memory storage 
element must be directly accessed to enable read out of results of performance of the 
authentication function on the storage media which has write protection and is for an 
electronic gaming system comprising a reel slot or video gaming system. 
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